Vulnerability CVE-2008-4050
Published: 2008-09-11   Modified: 2012-02-12

Description:
A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to (1) create and read arbitrary registry values via the RegistryValue method, and (2) read arbitrary files via the GetTextFile method.

See advisories in our WLB2 database:
Topic
Author
Date
High
Friendly Technologies Read/Write Registry/Read Files Exploit
spdr
15.09.2008

Type:

CWE-20

 (Improper Input Validation)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Friendly technologies -> Friendly pppoe client 

 References:
http://xforce.iss.net/xforce/xfdb/44787
http://www.securityfocus.com/bid/30940
http://www.securityfocus.com/bid/30939
http://www.milw0rm.com/exploits/6334
http://securityreason.com/securityalert/4244
http://secunia.com/advisories/31644
Copyright 2024, cxsecurity.com

 

Back to Top