CVE-2008-4728

DeployRun <10.0.0.44 - RCE

Title source: llm

Description

Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.

Exploits (3)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/6774

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/6776

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/6773

View Code ZIP pw:eip

References (10)

[Exploit, URL Repurposed] http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45961

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/2857

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6773

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6774

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31799

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6776

[Vendor Advisory] http://secunia.com/advisories/32337

[Exploit, URL Repurposed] http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html

[Exploit, URL Repurposed] http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html

Scores

EPSS 0.3012

EPSS Percentile 96.7%

Details

Status published

Products (1)

hummingbird/deployment_wizard 2008

Published Oct 24, 2008

Tracked Since Feb 18, 2026