CVE-2008-4050

Friendly Technologies FriendlyPPPoE Client <3.0.0.57 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4050. PoCs published by spdr.

AI-analyzed exploit summary This exploit leverages an ActiveX control vulnerability in Friendly Technologies software to read/write registry values and read arbitrary files. It demonstrates unauthorized access to sensitive system data via JavaScript interaction with the vulnerable control.

Description

A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to (1) create and read arbitrary registry values via the RegistryValue method, and (2) read arbitrary files via the GetTextFile method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by spdr · htmlremotewindows

https://www.exploit-db.com/exploits/6334

View Code ZIP pw:eip

This exploit leverages an ActiveX control vulnerability in Friendly Technologies software to read/write registry values and read arbitrary files. It demonstrates unauthorized access to sensitive system data via JavaScript interaction with the vulnerable control.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Friendly Technologies FriendlyWeb Dialer (ActiveX control clsid:F4A06697-C0E7-4BB6-8C3B-E01016A4408B)

No auth needed

Prerequisites: Victim must visit a malicious webpage with the vulnerable ActiveX control installed

MITRE ATT&CK