CVE-2009-4225

PestPatrol <5.6.7.9 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-4225. PoCs published by Metasploit, MC, including Metasploit module exploits/windows/fileformat/etrust_pestscan.

AI-analyzed exploit summary This exploit targets a stack buffer overflow in CA eTrust PestPatrol's ActiveX control (ppctl.dll 5.6.7.9) via an overly long string passed to the Initialize() property, leading to arbitrary code execution.

Description

Stack-based buffer overflow in the PestPatrol ActiveX control (ppctl.dll) 5.6.7.9 in CA eTrust PestPatrol allows remote attackers to execute arbitrary code via a long argument to the Initialize method.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16630

View Code ZIP pw:eip

This exploit targets a stack buffer overflow in CA eTrust PestPatrol's ActiveX control (ppctl.dll 5.6.7.9) via an overly long string passed to the Initialize() property, leading to arbitrary code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: CA eTrust PestPatrol (ppctl.dll 5.6.7.9)

No auth needed

Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · ActiveX control must be installed and enabled

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/etrust_pestscan.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in CA eTrust PestPatrol's ActiveX control (ppctl.dll 5.6.7.9) via an overly long string to the Initialize() property, leading to arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: CA eTrust PestPatrol (ppctl.dll 5.6.7.9)

No auth needed

Prerequisites: Victim must open the malicious HTML file in a vulnerable browser with the ActiveX control installed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit x_refsource_misc

http://www.metasploit.com/redmine/projects/framework/repository/revisions/7167/entry/modules/exploits/windows/fileformat/etrust_pestscan.rb

Vendor Advisory x_refsource_misc

http://www.fortiguard.com/encyclopedia/vulnerability/ca.etrust.pestpatrol.ppctl.dll.activex.access.html

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/37133

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/54458

Scores

EPSS 0.3062

EPSS Percentile 98.0%

Details

CWE

CWE-119

Status published

Products (1)

ca/etrust_pestpatrole_ppctl.dll_activex 5.6.7.9

Published Dec 08, 2009

Tracked Since Feb 18, 2026