Metasploit mailing list archives
Metasploit Framework Updates
From: hdm at metasploit.com (H D Moore)
Date: Sun, 1 Oct 2006 21:30:21 -0500
Hi everyone,

This is just a quick review of some recent updates:

mcafee_epolicy_source: This module exploits an unpublished (and unpatched) vulnerability in the McAfee ePolicy Manager server. Muts discovered this flaw in July and published the advisory about an hour ago: http://www.remote-exploit.org/advisories/mcafee-epo.pdf

ie_webview_setslice: Due to popular demand, this exploit has been ported to the 2.6 source tree, and a few new evasion methods were added for fun. A friend of mine discovered a much more reliable way of exploiting this bug, so we can look forward to a much better version in the future.

ie_createobject: The object order has been changed to allow the interesting bugs to be used first. This module was released a couple months ago and actually includes a still-unpatched vulnerability in a control shipped with WMI SDK. It pays to look closely :-)

ie_vml_rectfill: The new MSB reference was added and the randomized variables are now guaranteed to be at least 8 characters long (versus 2 before).

netapi_ms06_040: Support for auto-detection of NT 4.0 targets has been added to this module (it's had it for a while, but I forgot to upload it). A return address for the stack overflow method was submitted for the Italian version of Windows XP SP1 by diaul.

That's it for now -- use msfupdate or download a 2.6 snapshot.

-HD