Vulnerability Details : CVE-2008-4385
Public exploit exists!
Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Analysis, allows remote attackers to force the download and execution of arbitrary programs by specifying a malicious website argument to the Init method in (1) a certain ActiveX control (sysreqlab2.cab, sysreqlab.dll, sysreqlabsli.dll, or sysreqlab2.dll) and (2) a certain Java applet in RLApplet.class in sysreqlab2.jar or sysreqlab.jar.
Products affected by CVE-2008-4385
- cpe:2.3:a:systemrequirementslab:system_requirements_lab:3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-4385
- 73.67%: Probability of exploitation activity in the next 30 days
- ~98%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2008-4385
- Husdawg, LLC. System Requirements Lab ActiveX Unsafe Method
  Disclosure Date: 2008-10-16
  First seen: 2020-04-26
  exploit/windows/browser/systemrequirementslab_unsafe
  This module allows attackers to execute code via an unsafe method in Husdawg, LLC. System Requirements Lab ActiveX Control (sysreqlab2.dll 2.30.0.0).
  Authors: MC <mc@metasploit.com>
CVSS scores for CVE-2008-4385
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2008-4385
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-4385
- http://www.kb.cert.org/vuls/id/166651 (Third Party Advisory; US Government Resource)
- http://www.securityfocus.com/archive/1/497400
- http://www.securityfocus.com/bid/31752
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45873
- http://www.systemrequirementslab.com/bulletins/security_bulletin_1.html (Vendor Advisory)
- http://www.sec-consult.com/files/20081016-0_sysreqlab.txt