Friendly Technologies 'fwRemoteCfg.dll' ActiveX Control Information Disclosure Vulnerability

Bugtraq ID:	30939
Class:	Design Error
CVE:	CVE-2008-4050
Remote:	Yes
Local:	No
Published:	Aug 30 2008 12:00AM
Updated:	May 07 2015 05:24PM
Credit:	spdr
Vulnerable:	Friendly Technologies fwRemoteCfg.dll 0
Not Vulnerable:

Friendly Technologies 'fwRemoteCfg.dll' ActiveX Control Information Disclosure Vulnerability

Friendly Technologies 'fwRemoteCfg.dll' ActiveX control is prone to a vulnerability that lets attackers read arbitrary local files.

Successfully exploiting this issue allows remote attackers to obtain sensitive information that may aid in further attacks.

Friendly Technologies 'fwRemoteCfg.dll' ActiveX Control Information Disclosure Vulnerability

To exploit this issue, an attacker must entice an unsuspecting user to access a malicious webpage.

The following exploit code is available:

• /data/vulnerabilities/exploits/30939.html

Friendly Technologies 'fwRemoteCfg.dll' ActiveX Control Information Disclosure Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Friendly Technologies 'fwRemoteCfg.dll' ActiveX Control Information Disclosure Vulnerability

References:

• Microsoft Knowledge Base Article 240797 (Microsoft)
  
• Vendor Homepage (Friendly Technologies)