CVE-2008-4728 Information
Description
Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.
Reference
http://secunia.com/advisories/32337 http://www.securityfocus.com/bid/31799 http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html http://www.vupen.com/english/advisories/2008/2857 https://exchange.xforce.ibmcloud.com/vulnerabilities/45961 https://www.exploit-db.com/exploits/6773 https://www.exploit-db.com/exploits/6774 https://www.exploit-db.com/exploits/6776
Share on: