CVE-2008-4728 – Hummingbird Deployment Wizard 2008 - ActiveX Command Execution

https://notcve.org/view.php?id=CVE-2008-4728

Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders. Múltiples vulnerabilidades debido a un procedimiento inseguro en el control ActiveX DeployRun.DeploymentSetup.1 (DeployRun.dll) v10.0.0.44 in Hummingbird Deployment Wizard 2008 que permite a atacantes remotos ejecutar programas a su elección a través de los métodos de (1) Run y (2) PerformUpdateAsync y (3) modificación arbitraria de los valores del registro a traves del metodo SetRegistryValueAsString. NOTA: El método SetRegistryValueAsString podria activar la ejecución de código especificando valores de ficheros ejecutables de las carpetas de inicio. • https://www.exploit-db.com/exploits/6773 https://www.exploit-db.com/exploits/6776 https://www.exploit-db.com/exploits/6774 http://secunia.com/advisories/32337 http://www.securityfocus.com/bid/31799 http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html http://www.vupen.com/english/advisories/2008/2857 https://exchange.xforce.ibmcloud.com/vulnerabilities/45961 •