Land rapid7#5682, Update Flash CVE-2015-5119 ranking

wchen-r7 · wchen-r7 · commit adfb66334333 · 2015-07-07T15:57:28.000-05:00
diff --git a/modules/exploits/multi/browser/adobe_flash_hacking_team_uaf.rb b/modules/exploits/multi/browser/adobe_flash_hacking_team_uaf.rb
@@ -6,7 +6,7 @@
 require 'msf/core'
 
 class Metasploit3 < Msf::Exploit::Remote
-  Rank = GoodRanking
+  Rank = GreatRanking
 
   include Msf::Exploit::Remote::BrowserExploitServer
 
@@ -19,7 +19,6 @@ def initialize(info={})
         described as an Use After Free while handling ByteArray objects. This module has
         been tested successfully on:
 
-        Windows XP, Chrome 43 and Flash 18.0.0.194,
         Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.194,
         Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.194,
         Windows 8.1 (32-bit), Firefox and Adobe Flash 18.0.0.194,
@@ -35,9 +34,10 @@ def initialize(info={})
         ],
       'References'          =>
         [
+          ['CVE', '2015-5119'],
+          ['URL', 'https://helpx.adobe.com/security/products/flash-player/apsa15-03.html'],
           ['URL', 'http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/'],
-          ['URL', 'https://twitter.com/w3bd3vil/status/618168863708962816'],
-          ['CVE', '2015-5119']
+          ['URL', 'https://twitter.com/w3bd3vil/status/618168863708962816']
         ],
       'Payload'             =>
         {
@@ -59,7 +59,7 @@ def initialize(info={})
           :ua_name => lambda do |ua|
             case target.name
             when 'Windows'
-              return true if ua == Msf::HttpClients::IE || ua == Msf::HttpClients::FF || ua == Msf::HttpClients::CHROME
+              return true if ua == Msf::HttpClients::IE || ua == Msf::HttpClients::FF
             when 'Linux'
               return true if ua == Msf::HttpClients::FF
             end
