Hummingbird STR Service Buffer Overflow

Hummingbird STR service STRsvc.exe is installed on the remote host. It is included with EMC Documentum eRoom, OpenText Hummingbird, and OpenText Search Server. The installed version is affected by a buffer overflow vulnerability. By sending a very large packet to the Hummingbird STR service, it m...

多个厂商Hummingbird STR服务栈溢出漏洞

BUGTRAQ ID: 36868 EMC Documentum eRoom是基于WEB的协作服务器，OpenText Search Server是高效的纯文本搜索引擎，上述产品都使用了Hummingbird STR服务。 默认监听于TCP 10500端口上的Hummingbird STR服务（STRsvc.exe）中存在栈溢出漏洞。STRlib.dll模块将接收到的网络报文拷贝到了静态的栈缓冲区，如果发送了超长的报文就可以触发栈溢出，导致以SYSTEM权限执行任意指令。 EMC Documentum eRoom 7.4.1 Open Text Corporation Search...

Hummingbird STR service / EMC Documentum eRoom / OpenText Search Server buffer overflow

Buffer overflow on TCP/10500 traffic parsing...

ZDI-09-074: Multiple Vendor Hummingbird STR Service Stack Overflow Vulnerability

ZDI-09-074: Multiple Vendor Hummingbird STR Service Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-074 October 28, 2009 -- Affected Vendors: EMC OpenText -- Affected Products: EMC Documentum eRoom OpenText Hummingbird OpenText Search Server -- TippingPointTM IPS...

Multiple Vendor Hummingbird STR Service Stack Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC Documentum eRoom, OpenText Hummingbird and OpenText Search Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Hummingbird STR...

DSquare Exploit Pack: D2SEC_HBDW

Name| d2sechbdw ---|--- CVE| CVE-2008-4728 Exploit Pack| D2ExploitPack Description| Hummingbird Deployment Wizard ActiveX Arbitrary Code Execution Vulnerability Notes|...

Design/Logic Flaw

Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 DeployRun.dll ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the 1 Run and 2 PerformUpdateAsync methods, and 3 modify arbitrary registry values via...

CVE-2008-4728

Affected software: Hummingbird Deployment Wizard 2008 (version 10.0.0.44) with DeployRun.DeploymentSetup.1 ActiveX control. Vulnerabilities allow remote arbitrary-program execution via DeployRun.dll methods Run and PerformUpdateAsync, and arbitrary registry modification via SetRegistryValueAsStri...

CVE-2008-4729

CVE-2008-4729 concerns a stack-based buffer overflow in the Hummingbird XWebHostCtrl.1 ActiveX control (hclxweb.dll) used by Hummingbird Xweb ActiveX Control <= 13.0. The overflow is triggered by a too-long PlainTextPassword property, potentially enabling remote arbitrary code execution; note ...

Hummingbird Deployment Wizard ActiveX Control Multiple Security Vulnerabilities

This host is installed with Deployment Wizard ActiveX Control and is prone to multiple security vulnerabilities. The multiple flaws are due to error in 'SetRegistryValueAsString', 'Run' and 'PerformUpdateAsync' methods in DeployRun.DeploymentSetup.1 DeployRun.dll ActiveX control. OpenVAS...

PT-2008-5939 · Hummingbird · Hummingbird Deployment Wizard

Name of the Vulnerable Software and Affected Versions: Hummingbird Deployment Wizard 2008 version 10.0.0.44 Description: The issue concerns insecure methods in the DeployRun.DeploymentSetup.1 ActiveX control, allowing remote attackers to execute arbitrary programs via the Run and PerformUpdateAsy...

Hummingbird Deployment Wizard ActiveX Control Multiple Security Vulnerabilities

Deployment Wizard ActiveX Control is prone to multiple security vulnerabilities. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Hummingbird HostExplorer ActiveX Control BOF Vulnerability

This host has Hummingbird HostExplorer ActiveX Control installed and is prone to stack based buffer overflow vulnerability. The flaw is due to error in Hummingbird.XWebHostCtrl.1 ActiveX control in hclxweb.dll file when handling the 'PlainTextPassword' function, which can be exploited by assignin...

Hummingbird HostExplorer ActiveX Control BOF Vulnerability

Hummingbird HostExplorer ActiveX Control is prone to a stack based buffer overflow vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

hummingbird-exec.txt

------------------------------------------------------------------------------ Hummingbird Deployment Wizard 2008 DeployRun.dll Arbitrary File Execution url: http://www.hummingbird.com Author: shinnai mail: shinnaiatautisticidotorg site: http://www.shinnai.net This was written for educational...

hummingbird-registry.txt

------------------------------------------------------------------------------------ Hummingbird Deployment Wizard 2008 DeployRun.dll Registry Values Creation/Change url: http://www.hummingbird.com Author: shinnai mail: shinnaiatautisticidotorg site: http://www.shinnai.net This was written for...

Hummingbird Deployment Wizard 2008 ActiveX File Execution(2)

Exploit for unknown platform in category remote exploits ============================================================ Hummingbird Deployment Wizard 2008 ActiveX File Execution2 ============================================================...

Hummingbird <= 13.0 ActiveX Remote Buffer Overflow PoC

No description provided by source. html !-- the latest version of this activex 13.0 is compiled with /gs, earlier versions aren't. The XXXX would have overwritten return address. by [email protected] -- object classid='clsid:FFB6CC68-702D-4FE2-A8E7-4DE23835F0D2' id='target' /object script...

Hummingbird Deployment Wizard 2008 ActiveX File Execution(2)

No description provided by source. -------------------------------------------------------------------------------- Hummingbird Deployment Wizard 2008 DeployRun.dll Arbitrary File Execution2 url: http://www.hummingbird.com Author: shinnai mail: shinnaiatautisticidotorg site: http://www.shinnai.ne...

Hummingbird Deployment Wizard 2008 ActiveX Command Execution

No description provided by source. ------------------------------------------------------------------------------ Hummingbird Deployment Wizard 2008 DeployRun.dll Arbitrary File Execution url: http://www.hummingbird.com Author: shinnai mail: shinnaiatautisticidotorg site: http://www.shinnai.net...