CVE-2008-4049

Friendly Technologies FriendlyPPPoE Client <3.0.0.57 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4049. PoCs published by spdr.

AI-analyzed exploit summary This exploit leverages an ActiveX control vulnerability in Friendly Technologies dialers to execute arbitrary commands via the RunApp method. It demonstrates remote command execution by launching cmd.exe with a simple echo command.

Description

A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary programs via arguments to the RunApp method.

Exploits (1)

exploitdb WORKING POC VERIFIED
by spdr · htmlremotewindows
https://www.exploit-db.com/exploits/6324

This exploit leverages an ActiveX control vulnerability in Friendly Technologies dialers to execute arbitrary commands via the RunApp method. It demonstrates remote command execution by launching cmd.exe with a simple echo command.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Friendly Technologies dialers ActiveX control
No auth needed
Prerequisites: Victim must have the vulnerable ActiveX control installed and enabled in Internet Explorer
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44754
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30889
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6324
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31644
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4243

Scores

EPSS 0.0423
EPSS Percentile 89.7%

Details

CWE
CWE-20
Status published
Products (1)
friendly_technologies/friendly_pppoe_client 3.0.0.57
Published Sep 11, 2008
Tracked Since Feb 18, 2026