ms11xxx_ie_css

[Miguel Rios <miguelrios35 () yahoo com>]

Hi everyone and Merry Xmas,

I've been messing about with the new ms11xxx_ie_css exploit and I have a few questions maybe someone here can help 
with. (by the way thanks jduck for such a quick job)

The exploit works fairly reliably for me but unfortunately it's detected already by avira and NOD. So I decided to save 
the html files produced by the module to see if I could find out what part of the javascript was triggering the AVs. 
Anyway, I see that when I just open the html file locally the exploit fails. I presume this is because there is an URI 
to a dll and it's referenced locally. Is this correct? If so, where does the created dll get stored so I can reference 
it correctly?

I wish we had jsidle already incorporated into metasploit (I recall he posted a few patches for some modules, including 
ie_peers I believe). It's getting tougher and tougher to bypass AVs on client sides.



_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework