Vulnerability Description
Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hummingbird | Deployment Wizard | 2008 |
References
- http://secunia.com/advisories/32337Vendor Advisory
- http://www.securityfocus.com/bid/31799
- http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.htmlExploitURL Repurposed
- http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.htmlExploitURL Repurposed
- http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.htmlExploitURL Repurposed
- http://www.vupen.com/english/advisories/2008/2857
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45961
- https://www.exploit-db.com/exploits/6773
- https://www.exploit-db.com/exploits/6774
- https://www.exploit-db.com/exploits/6776
- http://secunia.com/advisories/32337Vendor Advisory
- http://www.securityfocus.com/bid/31799
- http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.htmlExploitURL Repurposed
- http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.htmlExploitURL Repurposed
- http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.htmlExploitURL Repurposed
FAQ
What is CVE-2008-4728?
CVE-2008-4728 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary ...
How severe is CVE-2008-4728?
CVE-2008-4728 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4728?
Check the references section above for vendor advisories and patch information. Affected products include: Hummingbird Deployment Wizard.