CVE-2008-4728 - Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX

CVE-2008-4728

Summary

Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.

References

Vulnerable Configurations

cpe:2.3:a:hummingbird:deployment_wizard:2008:*:*:*:*:*:*:*
cpe:2.3:a:hummingbird:deployment_wizard:2008:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	31799
exploit-db	6773 6774 6776
misc	http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html
secunia	32337
vupen	ADV-2008-2857
xf	hummingbird-run-command-execution(45961)

Last major update

14-02-2024 - 01:17

Published

24-10-2008 - 00:00

Last modified

14-02-2024 - 01:17