CVE-2008-4728

Name of the Vulnerable Software and Affected Versions Hummingbird Deployment Wizard 2008 version 10.0.0.44

Description The issue concerns insecure methods in the DeployRun.DeploymentSetup.1 ActiveX control, allowing remote attackers to execute arbitrary programs via the Run and PerformUpdateAsync methods. Additionally, attackers can modify arbitrary registry values via the SetRegistryValueAsString method, potentially leading to code execution by specifying executable file values to Startup folders.

Recommendations For Hummingbird Deployment Wizard 2008 version 10.0.0.44, consider disabling the Run and PerformUpdateAsync methods, as well as restricting access to the SetRegistryValueAsString method to prevent modification of registry values until a patch is available.