J-Security Center

Title: Husdawg System Requirements Lab Multiple Remote Code Execution Vulnerabilities

Severity: HIGH

Description:

Husdawg System Requirements Lab is a browser component that is used to analyze hardware and software on the computer where it runs. The application is available as an ActiveX control or a Java applet.

The application is prone to multiple remote code-execution vulnerabilities:

1. Multiple remote code-execution vulnerabilities affect the 'sysreqlab.dll', 'sysreqlabeli.dll', and 'sysreqlab2.dll' ActiveX controls identified by the following CLSIDs:

{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}
{BE833F39-1E0C-468C-BA70-25AAEE55775E}
{BE833F39-1E0C-468C-BA70-25AAEE55775F}

2. Multiple remote code-execution vulnerabilities reside in the 'SRLApplet.class' Java class contained in 'sysreqlab.jar', and in the 'sysreqlab2.cab' file. These vulnerabilities allow attackers to call the 'init' method of 'sysreqlab.jar' or 'sysreqlab2.cab' remotely from JavaScript. That method accepts an arbitrary download location, which the DLL that installs the application then uses to fetch executables. An attacker can thus download and execute files from an attacker-controlled server, provided the files have one of the following names: 'setup_abc.exe', 'setup_ie_abc.exe', 'setup_mz_abc.exe', 'sysreqlab2.cab', or 'sysreqlab2.jar'.

Attackers can exploit these issues by enticing an unsuspecting user to visit a malicious site.

If successful, attackers will be able to download and execute arbitrary files on the affected computer in the context of the application that uses the plugins.
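As an added mitigation example (not part of this advisory), the following sets the Internet Explorer kill bit for the three CLSIDs listed above so that IE refuses to instantiate the affected ActiveX controls. It assumes an elevated PowerShell session on the affected Windows host and uses the standard Microsoft kill-bit mechanism (bit 0x400 of 'Compatibility Flags' under the 'ActiveX Compatibility' registry key).

```powershell
# Added example, not part of the advisory: set the IE kill bit for the three
# CLSIDs listed in this advisory so Internet Explorer refuses to instantiate
# the affected ActiveX controls. Assumes an elevated PowerShell session.
# Kill bit = bit 0x400 of 'Compatibility Flags' under the standard key
# HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}.

$KillBit = 0x400

# CLSIDs taken from the advisory text above.
$Clsids = @(
    '{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}',
    '{BE833F39-1E0C-468C-BA70-25AAEE55775E}',
    '{BE833F39-1E0C-468C-BA70-25AAEE55775F}'
)

# 32-bit IE on a 64-bit Windows host reads the Wow6432Node view, so cover both.
$Bases = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $Bases += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Get-CompatFlags {
    param([string]$Key)
    $prop = Get-ItemProperty -Path $Key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 0 }
    return [int]$prop.'Compatibility Flags'
}

function Set-KillBit {
    param([string]$Base, [string]$Clsid)
    $key = Join-Path $Base $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # OR the kill bit into any flags already present rather than overwriting them.
    $flags = (Get-CompatFlags $key) -bor $KillBit
    New-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $flags `
        -PropertyType DWord -Force | Out-Null
}

function Test-KillBit {
    param([string]$Base, [string]$Clsid)
    return ((Get-CompatFlags (Join-Path $Base $Clsid)) -band $KillBit) -ne 0
}

foreach ($base in $Bases) {
    foreach ($clsid in $Clsids) {
        Set-KillBit -Base $base -Clsid $clsid
        $state = if (Test-KillBit -Base $base -Clsid $clsid) { 'kill bit set' } else { 'FAILED' }
        Write-Output ("{0} {1}: {2}" -f $base, $clsid, $state)
    }
}
```

The kill bit covers only the ActiveX vector in item 1; the Java applet path in item 2 is unaffected by it and needs the vendor's fix or blocking of the applet separately.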

Affected Products:

  • Husdawg System Requirements Lab
