cbcvebase.
CVE-2009-4225
published 2009-12-08

CVE-2009-4225: Stack-based buffer overflow in the PestPatrol ActiveX control (ppctl.dll) 5.6.7.9 in CA eTrust PestPatrol allows remote attackers to execute arbitrary code via…

PriorityP355critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
30.62%
98.0th percentile
Stack-based buffer overflow in the PestPatrol ActiveX control (ppctl.dll) 5.6.7.9 in CA eTrust PestPatrol allows remote attackers to execute arbitrary code via a long argument to the Initialize method.

Affected

1 ranges
VendorProductVersion rangeFixed in
caetrust_pestpatrole_ppctl.dll_activex

Detection & IOCsextracted from sources · hover to see the quote

filenameppctl.dll
other0x0A0A0A0A
commandInitialize()
  • ·The vulnerable version is specifically ppctl.dll 5.6.7.9; other versions may not be affected. Confirm version before applying detections.
  • ·The Metasploit module targets Windows XP SP0-SP3 and Windows Vista with IE 6.0 SP0-SP2 and IE 7 only; the return address 0x0A0A0A0A is platform-specific and may not apply to other OS/browser combinations.
  • ·JavaScript variable names in the exploit HTML are randomized at generation time, limiting static string-based detection of the malicious HTML payload.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.