Peachtree Accounting 'PAWWeb11.ocx' ActiveX Control Insecure Method Vulnerability
BID:31096
Info
| Bugtraq ID: | 31096 |
| Class: | Design Error |
| CVE: | CVE-2008-4699 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 10 2008 12:00AM |
| Updated: | May 07 2015 05:24PM |
| Credit: | Jeremy Brown |
| Vulnerable: | Sage Peachtree Accounting 2004 |
| Not Vulnerable: | |
Discussion
The Peachtree Accounting 'PAWWeb11.ocx' ActiveX control is prone to an insecure-method vulnerability.
Successfully exploiting this issue allows remote attackers to launch arbitrary applications with the privileges of the application running the ActiveX control (typically Internet Explorer).
The issue affects Peachtree Accounting 2004; other versions may also be affected.
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting user to view a malicious web document.
UPDATE (September 24, 2008): Symantec has detected active exploit attempts of this issue in the wild.
The following proof of concept is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Microsoft Support Document 240797 (Microsoft)
- Peachtree Accounting Homepage (Sage)
- Peachtree Accounting Remote Exploit (Jeremy Brown)