Back to search
CVE-2008-4385
Published: Oct 14, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Analysis, allows remote attackers to force the download and execution of arbitrary programs via by specifiying a malicious website argument to the Init method in (1) a certain ActiveX control (sysreqlab2.cab, sysreqlab.dll, sysreqlabsli.dll, or sysreqlab2.dll) and (2) a certain Java applet in RLApplet.class in sysreqlab2.jar or sysreqlab.jar.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
32236
third-party-advisory
x_refsource_SECUNIA
http://www.systemrequirementslab.com/bulletins/security_bulletin_1.html
x_refsource_CONFIRM
http://www.sec-consult.com/files/20081016-0_sysreqlab.txt
x_refsource_MISC
31752
vdb-entry
x_refsource_BID
VU#166651
third-party-advisory
x_refsource_CERT-VN
20081016 SEC Consult SA-20081016-0 :: Remote command execution in InstantExpert Analysis
mailing-list
x_refsource_BUGTRAQ
srl-activex-javaapplet-code-execution(45873)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now