CVE-2008-4728

Sažetak

Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.

Reference

http://secunia.com/advisories/32337
http://www.securityfocus.com/bid/31799
http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html
http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html
http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html
http://www.vupen.com/english/advisories/2008/2857
https://exchange.xforce.ibmcloud.com/vulnerabilities/45961
https://www.exploit-db.com/exploits/6773
https://www.exploit-db.com/exploits/6774
https://www.exploit-db.com/exploits/6776

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-09-2017 - 01:32

Objavljeno

24-10-2008 - 00:00