CVE-2008-4699

Peachtree Accounting 2004 - Remote Code Execution via PAWWeb11.ocx ExecutePreferredApplication Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4699. PoCs published by Jeremy Brown.

AI-analyzed exploit summary This exploit leverages an ActiveX control vulnerability in Peachtree Accounting to execute arbitrary commands via the `ExecutePreferredApplication` method. It demonstrates RCE by launching `calc.exe` on the target system.

Description

Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in Peachtree Accounting 2004 allows remote attackers to execute arbitrary programs via the ExecutePreferredApplication method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jeremy Brown · htmlremotewindows

https://www.exploit-db.com/exploits/6414

View Code ZIP pw:eip

This exploit leverages an ActiveX control vulnerability in Peachtree Accounting to execute arbitrary commands via the `ExecutePreferredApplication` method. It demonstrates RCE by launching `calc.exe` on the target system.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Peachtree Accounting 2004 (PAWWeb11.ocx)

No auth needed

Prerequisites: Victim must visit a malicious webpage using Internet Explorer with ActiveX enabled · PAWWeb11.ocx must be installed

MITRE ATT&CK