PT-2008-5910 · Sage · Peachtree Accounting

Jeremy Brown

Published

2008-10-22

Updated

2017-09-29

CVE-2008-4699

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Peachtree Accounting version 2004

Description The issue concerns an insecure method in the ActiveX control PAWWeb11.ocx, which allows remote attackers to execute arbitrary programs. This is achieved via the ExecutePreferredApplication method.

Recommendations For Peachtree Accounting version 2004, consider disabling the ExecutePreferredApplication method in the PAWWeb11.ocx ActiveX control as a temporary workaround until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2008-4699

Affected Products

Peachtree Accounting

PT-2008-5910 · Sage · Peachtree Accounting

CVE-2008-4699

Related Identifiers

Affected Products

References · 8