Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4728

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-4728
Last Modified 07 Mar 2011 10:12:57
Published 23 Oct 2008 08:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4728

Summary

Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.

Vulnerable Systems

Application

  • Hummingbird Deployment Wizard 2008


References

XF - hummingbird-run-command-execution(45961)

VUPEN - ADV-2008-2857

MISC - http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html

MISC - http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html

MISC - http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html

BID - 31799

MILW0RM - 6776

MILW0RM - 6774

MILW0RM - 6773

SECUNIA - 32337


Last Updated: 27 May 2016 10:48:36