Vulnerability CVE-2008-4728


Published: 2008-10-23   Modified: 2012-02-12

Description:
Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.

See advisories in our WLB2 database:
Topic: Hummingbird Deployment Wizard 2008 ActiveX Command Execution (High)
Author: shinnai
Date: 25.10.2008

Type: CWE-Other

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
Hummingbird -> Deployment wizard

References:
http://xforce.iss.net/xforce/xfdb/45961
http://www.vupen.com/english/advisories/2008/2857
http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html
http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html
http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html
http://www.securityfocus.com/bid/31799
http://www.milw0rm.com/exploits/6776
http://www.milw0rm.com/exploits/6774
http://www.milw0rm.com/exploits/6773
http://secunia.com/advisories/32337

Copyright 2024, cxsecurity.com

 
