Vulnerability Report

CVE-2008-4728

Title: Hummingbird Deployment Wizard

Other

Proof Of Concept

PoC Available for CVE-2008-4728

CWE Category NVD-CWE-noinfo

Published Date Oct 24, 2008

Modified Date Apr 09, 2025

Exploit Status Available

Score 9.3 CVSS v2.0

Exploit Probability (EPSS)

24.53%

Vulnerability Summary

CVE-2008-4728: Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.

Impacted Vendors

hummingbird 1

Reference Links

http://secunia.com/advisories/32337 http://www.securityfocus.com/bid/31799 http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html http://www.vupen.com/english/advisories/2008/2857 https://exchange.xforce.ibmcloud.com/vulnerabilities/45961 https://www.exploit-db.com/exploits/6773 https://www.exploit-db.com/exploits/6774 https://www.exploit-db.com/exploits/6776 http://secunia.com/advisories/32337 http://www.securityfocus.com/bid/31799 http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html http://www.vupen.com/english/advisories/2008/2857 https://exchange.xforce.ibmcloud.com/vulnerabilities/45961 https://www.exploit-db.com/exploits/6773 https://www.exploit-db.com/exploits/6774 https://www.exploit-db.com/exploits/6776

CVSS v2.0

Source Entity [email protected]

Severity HIGH

9.3

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:M/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2008-4728 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/6773

View Code

Exploit-DB https://www.exploit-db.com/exploits/6776

View Code

Exploit-DB https://www.exploit-db.com/exploits/6774

View Code

April 09, 2025 MODIFIED

Vulnerability data or affected products updated.

October 24, 2008 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.