This Metasploit module exploits a buffer overflow in l3codecx.ax while processing a AVI files with MPEG Layer-3 audio contents. The overflow only allows to overwrite with 0's so the three least significant bytes of EIP saved on stack are overwritten and shellcode is mapped using the .NET DLL memory technique pioneered by Alexander Sotirov and Mark Dowd. Please note on IE 8 targets, your malicious URL must be a trusted site in order to load the .Net control.
bf8b665e00a66d83f342244fe6468d8bae22e7105c7353d9ceb3aa7194057854
covertsession is a command line tool that allows you to create a TCP session that IDS sensors cannot parse correctly. What this tool lets you do is inject bytes into your outbound data stream that an IDS sensor will treat as part of the data stream but the remote OS will ignore. If used correctly it can cause a signature not to match. This tool provides command line options to control how bytes are injected. It can use a file as its source of input. Or it can listen on a local port, redirecting the TCP session covertly to an IP:Port specified on the command line. Tested against Snort 2.2.
0ae15acc4feea9b3deae43d9277a060af770fcb25fc29192f6682a0b370d77d1