This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in the way WMF metafile images are handled by Microsoft Window's graphic rendering engine. When Outlook Express is used as mail user agent, Internet Explorer can be exploited through sending the target an e-mail that contains a link to the specially designed HTML page that triggers the attack. Also, this module can drop a specially crafted WMF file in a local folder of the user's choice. This file can later be embedded into a Microsoft Office document or placed in a shared folder. Exploitation will occur in the first case when the user opens the document, and in the second case when the user double clicks on the image file, or simply browses the folder in Thumbnail View. Note that the file does not need to have the .wmf extension to work correctly, as Windows will detect the correct file type by examining it's contents.
CVE Link
Exploit Platform
Exploit Type
Product Name