CVE Vulnerability

CVE-2008-4728

Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.

9.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html Exploit
http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html Exploit
http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html Exploit
http://secunia.com/advisories/32337 Vendor Advisory
http://www.securityfocus.com/bid/31799
http://www.vupen.com/english/advisories/2008/2857
https://exchange.xforce.ibmcloud.com/vulnerabilities/45961
https://www.exploit-db.com/exploits/6776
https://www.exploit-db.com/exploits/6774
https://www.exploit-db.com/exploits/6773
Configurations

Configuration 1

cpe:2.3:a:hummingbird:deployment_wizard:2008:*:*:*:*:*:*:*
Information

Published : 2008-10-24 12:00

Updated : 2017-09-29 01:32

NVD link : CVE-2008-4728

Mitre link : CVE-2008-4728

Products Affected
No products.
CWE
NVD-CWE-Other