This Metasploit module exploits a vulnerability in the GDI library included with Windows XP and 2003. This vulnerability uses the 'Escape' metafile function to execute arbitrary code through the SetAbortProc procedure. This Metasploit module generates a random WMF record stream for each request.
86db9cc6a7d38fd5ac3353ce911cfa4cb32c5b51f03725a5e001c941eb2b3e42
Microsoft Windows Metafile (WMF) SetAbortProc remote code execution exploit which takes advantage of a vulnerability in the GDI library by using the 'Escape' metafile function to execute arbitrary code through the SetAbortProc procedure. Tested against Windows XP and 2003.
bdfd116bc6a03d8c1124c067854578e4ef5e1ef88b7c3bd05c6e6f83179f797c
Xcon 2005: Hacking Windows CE
590f520dff1623d1a11b0e8d49ad52cb7733604cf0dae833442b8908ea8a6183