Attack: Husdawg System Requirements Lab CVE-2008-4385

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a remote code execution vulnerability in Husdawg System Requirements Lab.

Additional Information

Husdawg System Requirements Lab is a browser component that is used to analyze hardware and software on the computer where it runs. The application is available as an ActiveX control or a Java applet.

The application is prone to multiple remote code-execution vulnerabilities:

1. Multiple remote code-execution vulnerabilities affect the 'sysreqlab.dll', 'sysreqlabeli.dll', and 'sysreqlab2.dll' ActiveX controls identified by the following CLSIDs:

{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}
{BE833F39-1E0C-468C-BA70-25AAEE55775E}
{BE833F39-1E0C-468C-BA70-25AAEE55775F}

2. Multiple remote code-execution vulnerabilities reside in 'sysreqlab.jar' included in the 'SRLApplet.class' Java class and 'sysreqlab2.cab' file. These vulnerabilities allow attackers to remotely call the 'init' method of the 'sysreqlab.jar' or 'sysreqlab2.cab' file using JavaScript. This method can be used to specify an arbitrary location from which a DLL file that is used to install the application downloads executables. An attacker can have files downloaded from an attacker-controlled server and executed, provided that the files have one of the following names: 'setup_abc.exe', 'setup_ie_abc.exe', 'setup_mz_abc.exe', 'sysreqlab2.cab', and 'sysreqlab2.jar'.

Attackers can exploit these issues by enticing an unsuspecting user to visit a malicious site.

If successful, attackers will be able to download and execute arbitrary files on the affected computer in the context of the application that uses the plugins.
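
As an added illustration (not Symantec's signature logic and not code from this page), the following Python example inventories HTML that loads the components named above by matching the three CLSIDs and the 'sysreqlab.jar', 'sysreqlab2.cab' and 'SRLApplet.class' file names. The sample markup and the host 'files.example' are constructed; a match shows only that a page loads the component, not that exploitation was attempted.

```python
from html.parser import HTMLParser

# CLSIDs and file names exactly as listed in the advisory text above.
CLSIDS = {
    "67A5F8DC-1A4B-4D66-9F24-A704AD929EEE",
    "BE833F39-1E0C-468C-BA70-25AAEE55775E",
    "BE833F39-1E0C-468C-BA70-25AAEE55775F",
}
COMPONENT_FILES = ("sysreqlab.jar", "sysreqlab2.cab", "srlapplet.class")


class SrlReferenceFinder(HTMLParser):
    """Collects (line, tag, reason) for each reference to the components."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("object", "applet", "embed", "param"):
            return
        line = self.getpos()[0]  # 1-based line of the tag in the input
        for name, value in attrs:
            value = (value or "").strip()
            if name == "classid" and value.lower().startswith("clsid:"):
                clsid = value[6:].strip("{} ").upper()
                if clsid in CLSIDS:
                    self.findings.append((line, tag, "clsid " + clsid))
            elif name in ("archive", "code", "codebase", "value", "src"):
                # 'archive' may hold several files; drop query and fragment.
                for part in value.replace(",", " ").split():
                    path = part.split("?")[0].split("#")[0]
                    base = path.rsplit("/", 1)[-1].lower()
                    if base in COMPONENT_FILES:
                        self.findings.append((line, tag, "file " + base))


def scan(html):
    finder = SrlReferenceFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample markup, not captured traffic.
SAMPLE = """<html><body>
<object id="a" classid="clsid:67A5F8DC-1A4B-4D66-9F24-A704AD929EEE"></object>
<applet code="SRLApplet.class" archive="http://files.example/sysreqlab.jar"></applet>
<object classid="clsid:00000000-0000-0000-0000-000000000000"></object>
</body></html>"""
```

Calling `scan(SAMPLE)` returns one finding for the CLSID on line 2 and two for the applet on line 3; the unrelated CLSID on line 4 is ignored.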

Affected

  • Husdawg System Requirements Lab