Spdr

#10156of 53,619
27.2Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2009-2605
4.3
2009-09-01
Icq · Icqtoolbar · CVE-2008-7136
**Name of the Vulnerable Software and Affected Versions** ICQToolbar version 2.3 **Description** The issue allows remote attackers to cause a denial of service, resulting in a toolbar crash. This can be achieved by providing a long argument to certain methods, specifically the `RequestURL`, `GetPropertyById`, or `SetPropertyById` methods. **Recommendations** For ICQToolbar version 2.3, consider avoiding the use of long arguments in the `RequestURL`, `GetPropertyById`, or `SetPropertyById` methods until a fix is available. As a temporary workaround, restricting the input length for these methods may help minimize the risk of a denial of service.
PT-2008-5361
6.8
2008-09-11
Unknown · Friendlypppoe Client · CVE-2008-4048
**Name of the Vulnerable Software and Affected Versions** FriendlyPPPoE Client version 3.0.0.57 **Description** A heap-based buffer overflow issue exists in a certain ActiveX control in fwRemoteCfg.dll version 3.3.3.1. This allows remote attackers to execute arbitrary code via a long third argument to the `CreateURLShortcut` method. **Recommendations** For FriendlyPPPoE Client version 3.0.0.57, consider disabling the `CreateURLShortcut` method until a patch is available to prevent exploitation.
PT-2008-5362
6.8
2008-09-11
Friendly · Friendlypppoe Client · CVE-2008-4049
**Name of the Vulnerable Software and Affected Versions** FriendlyPPPoE Client version 3.0.0.57 **Description** The issue concerns a certain ActiveX control in the fwRemoteCfg.dll file, which allows remote attackers to execute arbitrary programs. This is achieved by providing arguments to the `RunApp` method. **Recommendations** For FriendlyPPPoE Client version 3.0.0.57, consider disabling the `RunApp` method as a temporary workaround until a patch is available.
PT-2008-5363
9.3
2008-09-11
Unknown · Friendlypppoe Client · CVE-2008-4050
**Name of the Vulnerable Software and Affected Versions** FriendlyPPPoE Client version 3.0.0.57 fwRemoteCfg.dll version 3.3.3.1 **Description** The issue allows remote attackers to create and read arbitrary registry values via the `RegistryValue` method, and read arbitrary files via the `GetTextFile` method. **Recommendations** For FriendlyPPPoE Client version 3.0.0.57, consider disabling the `RegistryValue` and `GetTextFile` methods until a patch is available. Restrict access to the `fwRemoteCfg.dll` module to minimize the risk of exploitation.