CVE-2008-4385

System Requirements Lab 3 - Remote Code Execution via Malicious Website Argument to Init Method

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-4385. PoCs published by Metasploit, MC, including Metasploit module exploits/windows/browser/systemrequirementslab_unsafe.

AI-analyzed exploit summary This Metasploit module exploits an unsafe method in the Husdawg, LLC. System Requirements Lab ActiveX Control (sysreqlab2.dll 2.30.0.0) to achieve remote code execution via a malicious HTML page.

Description

Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Analysis, allows remote attackers to force the download and execution of arbitrary programs via by specifiying a malicious website argument to the Init method in (1) a certain ActiveX control (sysreqlab2.cab, sysreqlab.dll, sysreqlabsli.dll, or sysreqlab2.dll) and (2) a certain Java applet in RLApplet.class in sysreqlab2.jar or sysreqlab.jar.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16552

This Metasploit module exploits an unsafe method in the Husdawg, LLC. System Requirements Lab ActiveX Control (sysreqlab2.dll 2.30.0.0) to achieve remote code execution via a malicious HTML page.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Husdawg, LLC. System Requirements Lab ActiveX Control (sysreqlab2.dll 2.30.0.0)
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/systemrequirementslab_unsafe.rb

This Metasploit module exploits an unsafe method in the Husdawg, LLC. System Requirements Lab ActiveX Control (sysreqlab2.dll 2.30.0.0) to achieve remote code execution. It serves a malicious HTML page that triggers the vulnerability, leading to the download and execution of a payload EXE.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Husdawg, LLC. System Requirements Lab ActiveX Control (sysreqlab2.dll 2.30.0.0)
No auth needed
Prerequisites: Victim must visit a malicious webpage or be redirected to it · ActiveX control must be installed and enabled in the victim's browser
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32236
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31752
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/166651
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/497400
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45873

Scores

EPSS 0.7188
EPSS Percentile 98.8%

Details

CWE
CWE-94
Status published
Products (1)
systemrequirementslab/system_requirements_lab 3
Published Oct 14, 2008
Tracked Since Feb 18, 2026