CVE-2008-4728
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
AI Score
Confidence
Low
0.477 Medium
EPSS
Percentile
97.5%
Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| hummingbird:deployment_wizard | hummingbird deployment wizard | eq | 2008 |
References
secunia.com/advisories/32337
www.securityfocus.com/bid/31799
www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html
www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html
www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html
www.vupen.com/english/advisories/2008/2857
exchange.xforce.ibmcloud.com/vulnerabilities/45961
www.exploit-db.com/exploits/6773
www.exploit-db.com/exploits/6774
www.exploit-db.com/exploits/6776
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
AI Score
Confidence
Low
0.477 Medium
EPSS
Percentile
97.5%