Vulnerability Description
Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Analysis, allows remote attackers to force the download and execution of arbitrary programs via by specifiying a malicious website argument to the Init method in (1) a certain ActiveX control (sysreqlab2.cab, sysreqlab.dll, sysreqlabsli.dll, or sysreqlab2.dll) and (2) a certain Java applet in RLApplet.class in sysreqlab2.jar or sysreqlab.jar.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Systemrequirementslab | System Requirements Lab | 3 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/32236Vendor Advisory
- http://www.kb.cert.org/vuls/id/166651Third Party AdvisoryUS Government Resource
- http://www.sec-consult.com/files/20081016-0_sysreqlab.txt
- http://www.securityfocus.com/archive/1/497400
- http://www.securityfocus.com/bid/31752
- http://www.systemrequirementslab.com/bulletins/security_bulletin_1.htmlVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45873
- http://secunia.com/advisories/32236Vendor Advisory
- http://www.kb.cert.org/vuls/id/166651Third Party AdvisoryUS Government Resource
- http://www.sec-consult.com/files/20081016-0_sysreqlab.txt
- http://www.securityfocus.com/archive/1/497400
- http://www.securityfocus.com/bid/31752
- http://www.systemrequirementslab.com/bulletins/security_bulletin_1.htmlVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45873
FAQ
What is CVE-2008-4385?
CVE-2008-4385 is a vulnerability with a CVSS score of 9.3 (HIGH). Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Analysis, allows remote attackers to force the download and execution of arbitrary programs via by specifiying a malicious website ar...
How severe is CVE-2008-4385?
CVE-2008-4385 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4385?
Check the references section above for vendor advisories and patch information. Affected products include: Systemrequirementslab System Requirements Lab.