Vulnerability Details : CVE-2008-4728
Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.
Products affected by CVE-2008-4728
- cpe:2.3:a:hummingbird:deployment_wizard:2008:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-4728
40.41%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-4728
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
References for CVE-2008-4728
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/45961
-
https://www.exploit-db.com/exploits/6774
-
http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html
Exploit
-
http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html
Exploit
-
http://www.securityfocus.com/bid/31799
-
https://www.exploit-db.com/exploits/6773
-
http://www.vupen.com/english/advisories/2008/2857
-
https://www.exploit-db.com/exploits/6776
-
http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html
Exploit
Jump to