PT-2008-5939 · Hummingbird · Hummingbird Deployment Wizard
Shinnai · Published 2008-10-23 · Updated 2024-02-14 · CVE-2008-4728
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Hummingbird Deployment Wizard 2008 version 10.0.0.44
Description
The issue concerns insecure methods in the DeployRun.DeploymentSetup.1 ActiveX control, allowing remote attackers to execute arbitrary programs via the Run and PerformUpdateAsync methods. Additionally, attackers can modify arbitrary registry values via the SetRegistryValueAsString method, potentially leading to code execution by specifying executable file values to Startup folders.
Recommendations
For Hummingbird Deployment Wizard 2008 version 10.0.0.44, consider disabling the Run and PerformUpdateAsync methods, as well as restricting access to the SetRegistryValueAsString method to prevent modification of registry values until a patch is available.
Affected Products
Hummingbird Deployment Wizard