Attention: Windows and msfweb users

[hdm at metasploit.com (H D Moore)]

A serious bug was fixed in the msfweb interface (the default interface on 
the Windows platform). Please use the 'Online Update' menu item or 
the 'svn update' command to obtain the latest patches.

The bug was caused by Rails. Specifically, the version of Rails used by 
the msfweb interface. This version of Rails changes the $KCODE global 
variable to "u", which forces all strings to be treated as unicode. This 
is a major problem when it comes to any form of binary string 
manipulation (ie. shellcode, random text strings, encoders, etc). The 
solution was to overload the Rails::Initializer class with a new 
initialize_encoding() method that forces Ruby to stick with plain old 
ascii strings. This seems to solve the problem and I was able to test out 
the new ANI exploits from my Windows install of Metasploit.

This is the reason why exploits would randomly fail on Windows (and 
msfweb), but work perfectly from the command line on Unix systems.

If anyone runs into problem using the ANI exploits from the Windows 
platform, please let me know ASAP.

-HD