CVE-2008-4728

Hummingbird Deployment Wizard 2008 - ActiveX Command Execution

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.

Múltiples vulnerabilidades debido a un procedimiento inseguro en el control ActiveX DeployRun.DeploymentSetup.1 (DeployRun.dll) v10.0.0.44 in Hummingbird Deployment Wizard 2008 que permite a atacantes remotos ejecutar programas a su elección a través de los métodos de (1) Run y (2) PerformUpdateAsync y (3) modificación arbitraria de los valores del registro a traves del metodo SetRegistryValueAsString. NOTA: El método SetRegistryValueAsString podria activar la ejecución de código especificando valores de ficheros ejecutables de las carpetas de inicio.

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-10-23 CVE Reserved
2008-10-23 CVE Published
2024-02-15 EPSS Updated
2024-08-07 CVE Updated
2024-08-07 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (10)

URL	Tag	Source
http://www.securityfocus.com/bid/31799	Vdb Entry
http://www.vupen.com/english/advisories/2008/2857	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/45961	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/6773	2024-08-07
https://www.exploit-db.com/exploits/6776	2024-08-07
https://www.exploit-db.com/exploits/6774	2024-08-07
http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html	2024-08-07
http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html	2024-08-07
http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/32337	2024-02-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Hummingbird Search vendor "Hummingbird"		Deployment Wizard Search vendor "Hummingbird" for product "Deployment Wizard"				2008 Search vendor "Hummingbird" for product "Deployment Wizard" and version "2008"		-		Affected