Vulnerabilities > CVE-2008-4728 - Unspecified vulnerability in Hummingbird Deployment Wizard 2008
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN hummingbird
exploit available
Summary
Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description Hummingbird Deployment Wizard 2008 ActiveX File Execution(2). CVE-2008-4728. Remote exploit for windows platform file exploits/windows/remote/6776.html id EDB-ID:6776 last seen 2016-02-01 modified 2008-10-17 platform windows port published 2008-10-17 reporter shinnai source https://www.exploit-db.com/download/6776/ title Hummingbird Deployment Wizard 2008 - ActiveX File Execution2 type remote description Hummingbird Deployment Wizard 2008 ActiveX Command Execution. CVE-2008-4728. Remote exploit for windows platform file exploits/windows/remote/6773.html id EDB-ID:6773 last seen 2016-02-01 modified 2008-10-17 platform windows port published 2008-10-17 reporter shinnai source https://www.exploit-db.com/download/6773/ title Hummingbird Deployment Wizard 2008 - ActiveX Command Execution type remote description Hummingbird Deployment Wizard 2008 Registry Values Creation/Change. CVE-2008-4728. Remote exploit for windows platform file exploits/windows/remote/6774.html id EDB-ID:6774 last seen 2016-02-01 modified 2008-10-17 platform windows port published 2008-10-17 reporter shinnai source https://www.exploit-db.com/download/6774/ title Hummingbird Deployment Wizard 2008 Registry Values Creation/Change type remote
References
- http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html
- http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html
- http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html
- http://secunia.com/advisories/32337
- http://www.securityfocus.com/bid/31799
- http://www.vupen.com/english/advisories/2008/2857
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45961
- https://www.exploit-db.com/exploits/6776
- https://www.exploit-db.com/exploits/6774
- https://www.exploit-db.com/exploits/6773