CVE-2008-4728

critical

Description

Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.

References

https://www.exploit-db.com/exploits/6776

https://www.exploit-db.com/exploits/6774

https://www.exploit-db.com/exploits/6773

https://exchange.xforce.ibmcloud.com/vulnerabilities/45961

http://www.vupen.com/english/advisories/2008/2857

http://www.securityfocus.com/bid/31799

http://secunia.com/advisories/32337

Details

Source: Mitre, NVD

Published: 2008-10-24

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.31628