Change check()

wchen-r7 · wchen-r7 · commit dedfca163d79 · 2015-06-22T15:05:12.000-05:00
diff --git a/modules/exploits/windows/local/ms15_051_client_copy_image.rb b/modules/exploits/windows/local/ms15_051_client_copy_image.rb
@@ -22,7 +22,7 @@ def initialize(info={})
       'Description'     => %q{
         This module exploits improper object handling in the win32k.sys kernel mode driver.
         This module has been tested on vulnerable builds of Windows 7 x64 and x86, and
-        Windows 2008 R2 SP1 x64. The exploit should also work on earlier builds of windows.
+        Windows 2008 R2 SP1 x64.
       },
       'License'         => MSF_LICENSE,
       'Author'          => [
@@ -57,6 +57,11 @@ def initialize(info={})
   end
 
   def check
+    # Windows Server 2008 Enterprise SP2 (32-bit)  6.0.6002.18005 (Does not work)
+    # Winodws 7 SP1 (64-bit)                       6.1.7601.17514 (Works)
+    # Windows 7 SP1 (32-bit)                       6.1.7601.17514 (Works)
+    # Windows Server 2008 R2 (64-bit) SP1          6.1.7601.17514 (Works)
+
     if sysinfo['OS'] !~ /windows/i
       return Exploit::CheckCode::Unknown
     end
@@ -71,7 +76,7 @@ def check
     major, minor, build, revision, branch = file_version(file_path)
     vprint_status("win32k.sys file version: #{major}.#{minor}.#{build}.#{revision} branch: #{branch}")
 
-    return Exploit::CheckCode::Safe if build > 7601
+    return Exploit::CheckCode::Safe if build == 7601
 
     return Exploit::CheckCode::Detected
   end
