CVE-2008-4728

Hummingbird Deployment Wizard 2008 - Unauthenticated Remote Code Execution via DeployRun ActiveX Methods

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2008-4728. PoCs published by shinnai.

AI-analyzed exploit summary This exploit demonstrates a vulnerability in Hummingbird Deployment Wizard 2008 (DeployRun.dll) where the `SetRegistryValueAsString` method can be abused to create or modify registry values. The PoC uses VBScript to invoke the method via an ActiveX object, potentially allowing arbitrary registry manipulation.

Description

Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.

Exploits (3)

exploitdb WORKING POC VERIFIED
by shinnai · htmlremotewindows
https://www.exploit-db.com/exploits/6774

This exploit demonstrates a vulnerability in Hummingbird Deployment Wizard 2008 (DeployRun.dll) where the `SetRegistryValueAsString` method can be abused to create or modify registry values. The PoC uses VBScript to invoke the method via an ActiveX object, potentially allowing arbitrary registry manipulation.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Hummingbird Deployment Wizard 2008 (DeployRun.dll <= 10.0.0.44)
No auth needed
Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · ActiveX controls must be enabled in the browser
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by shinnai · htmlremotewindows
https://www.exploit-db.com/exploits/6776

This exploit leverages an unsafe ActiveX control (DeployRun.dll) in Hummingbird Deployment Wizard 2008 to execute arbitrary commands via the PerformUpdateAsync method. The PoC demonstrates execution of calc.exe but could be adapted to run any executable or download remote payloads.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Hummingbird Deployment Wizard 2008 (DeployRun.dll <= 10.0.0.44)
No auth needed
Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · ActiveX controls must be enabled in Internet Explorer
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by shinnai · htmlremotewindows
https://www.exploit-db.com/exploits/6773

This exploit leverages an unsafe ActiveX control (DeployRun.dll) in Hummingbird Deployment Wizard 2008 to execute arbitrary commands via the `Run` method. The PoC demonstrates command execution by launching `calc.exe` through `cmd.exe` when a button is clicked in a malicious HTML page.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Hummingbird Deployment Wizard 2008 (DeployRun.dll <= 10.0.0.44)
No auth needed
Prerequisites: Victim must open the malicious HTML file in Internet Explorer with ActiveX enabled · DeployRun.dll must be registered on the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10
Core References
Exploit, URL Repurposed x_refsource_misc
http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45961
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2857
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6773
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6774
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31799
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6776
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32337
Exploit, URL Repurposed x_refsource_misc
http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html
Exploit, URL Repurposed x_refsource_misc
http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html

Scores

EPSS 0.3163
EPSS Percentile 98.1%

Details

Status published
Products (1)
hummingbird/deployment_wizard 2008
Published Oct 24, 2008
Tracked Since Feb 18, 2026