Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Analysis, allows remote attackers to force the download and execution of arbitrary programs via by specifiying a malicious website argument to the Init method in (1) a certain ActiveX control (sysreqlab2.cab, sysreqlab.dll, sysreqlabsli.dll, or sysreqlab2.dll) and (2) a certain Java applet in RLApplet.class in sysreqlab2.jar or sysreqlab.jar.
Published 2008-10-14 21:10:36
Updated 2017-08-08 01:32:36
Source CERT/CC
View at NVD,   CVE.org

Products affected by CVE-2008-4385

Exploit prediction scoring system (EPSS) score for CVE-2008-4385

73.67%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2008-4385

  • Husdawg, LLC. System Requirements Lab ActiveX Unsafe Method
    Disclosure Date: 2008-10-16
    First seen: 2020-04-26
    exploit/windows/browser/systemrequirementslab_unsafe
    This module allows attackers to execute code via an unsafe method in Husdawg, LLC. System Requirements Lab ActiveX Control (sysreqlab2.dll 2.30.0.0) Authors: - MC <mc@metasploit.com>

CVSS scores for CVE-2008-4385

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
9.3
HIGH AV:N/AC:M/Au:N/C:C/I:C/A:C
8.6
10.0
NIST

CWE ids for CVE-2008-4385

  • The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
    Assigned by: nvd@nist.gov (Primary)
Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!