Use Gem::Version for string versions comparison

jvazquez-r7 · jvazquez-r7 · commit a081beacc22b · 2014-06-20T09:44:29.000-05:00
diff --git a/modules/exploits/windows/local/ms14_009_ie_dfsvc.rb b/modules/exploits/windows/local/ms14_009_ie_dfsvc.rb
@@ -83,11 +83,11 @@ def check
 
     mscorlib_version = get_mscorlib_version
 
-    if valid_mscorlib_version?(net_version, mscorlib_version)
-      return Exploit::CheckCode::Vulnerable
+    if Gem::Version.new(mscorlib_version) >= Gem::Version.new(NET_VERSIONS[net_version]["mscorlib"])
+      return Exploit::CheckCode::Safe
     end
 
-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Vulnerable
   end
 
   def get_net_version
@@ -144,7 +144,7 @@ def exploit
 
     mscorlib_version = get_mscorlib_version
 
-    unless valid_mscorlib_version?(net_version, mscorlib_version)
+    if Gem::Version.new(mscorlib_version) >= Gem::Version.new(NET_VERSIONS[net_version]["mscorlib"])
       fail_with(Failure::NotVulnerable, ".NET Installation not vulnerable")
     end
 
@@ -166,28 +166,6 @@ def exploit
     )
   end
 
-  def valid_mscorlib_version?(net_version, mscorlib_version)
-    valid = false
-
-    mscorlib = mscorlib_version.split(".")
-    mscorlib.reverse!
-
-    max_version = NET_VERSIONS[net_version]["mscorlib"].split(".")
-    max_version.reverse!
-
-    i = 0
-    mscorlib.each do |v|
-      if v.to_i < max_version[i].to_i
-        valid = true
-      elsif v.to_i > max_version[i].to_i
-        valid = false
-      end
-      i = i + 1
-    end
-
-    valid
-  end
-
   def cleanup
     session.railgun.kernel32.SetEnvironmentVariableA("PSHCMD", nil)
     super
