RCA done; the new description explains what really happens that causes the vulnerability.

git-svn-id: file:///home/svn/framework3/trunk@12705 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Wei Chen 2011-05-24 22:58:10 +00:00
parent 38504b39a8
commit af4b8bfef6
1 changed files with 8 additions and 5 deletions

@ -20,12 +20,15 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'VisiWave VWR File Parsing Buffer Overflow',
'Description' => %q{
This module exploits a stack based buffer overflow in VisiWave's Site Survey Report application.
When processing .VWR files, data is read from file into a fixed-size stack buffer. Since no bounds
checking is done, a buffer overflow can occur. Attackers can execute arbitrary code by convincing
their victim to open an VWR file. This module was built to bypass aslr & dep.
This module exploits a vulnerability found in VisiWave's Site Survey Report application.
When processing .VWR files, VisiWave.exe attempts to match a valid pointer based on the 'Type'
property (valid ones include 'Properties', 'TitlePage', 'Details', 'Graph', 'Table', 'Text',
'Image'), but if a match isn't found, the function that's supposed to handle this routine
ends up returning the input as a pointer, and later used in a CALL DWORD PTR [EDX+10]
instruction. This allows attackers to overwrite it with any arbitrary value, and results code
execution. This module was built to bypass ASLR and DEP.
NOTE: During installation, the application will register two file handle's, VWS and VWR and allows a
NOTE: During installation, the application will register two file handle's, VWS and VWR and allows a
victim user to 'double click' the malicious VWR file and execute code.
},
'License' => MSF_LICENSE,
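Review bot: the new 'Description' text has two wording errors that will ship into the module metadata: "and results code execution" should read "and results in code execution" (also "and later used in a CALL" reads better as "and is later used in a CALL"), and in the NOTE line "two file handle's" should be "two file handlers" or, more precisely, "two file associations" (VWS and VWR), since the apostrophe is a possessive and what is registered is a file type association, not a handle. The NOTE line itself shows up in the hunk as a removed/added pair with identical text, which suggests a whitespace-only change; if that is all it is, drop that change so the diff stays limited to the description rewrite. The technical content of the rewrite is an improvement over the old "stack based buffer overflow" wording: it now states the actual root cause, an unmatched 'Type' value causing the lookup routine to return attacker-supplied file data as a pointer that is then dereferenced by CALL DWORD PTR [EDX+10].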