WMF: New Metasploit Framework Module

[hdm at metasploit.com (H D Moore)]

Happy new years!

The exploit module has been updated again. Windows 2003 and some XP 
installations weren't accepting the Content-Disposition trick. The 
payload needed to be dword aligned or the exploit would fail once in a 
while. Additionally, the Metafile type field has been set to an undefined 
value that just happens to work. The result is a 100% clean report from 
virustotal.com. The BleedingSnort signatures are still your best bet, you 
can find the latest version online:

http://www.bleedingsnort.com/cgi-bin/viewcvs.cgi/sigs/CURRENT_EVENTS/CURRENT_WMF_Exploit

-HD

On Saturday 31 December 2005 01:35, H D Moore wrote:
> We just released a new version of the Metasploit Framework exploit
> module for the Escape/SetAbortFunc code execution flaw.