PT-2008-5800 · Chilkat · Chilkat Ftp 2.0 Activex

Darkl0Rd

Publicado

2008-10-15

Atualizado

2017-09-29

CVE-2008-4583

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Chilkat FTP 2.0 ActiveX component (ChilkatCert.dll)

Description The issue is related to an insecure method in the Chilkat FTP 2.0 ActiveX component, which allows remote attackers to overwrite arbitrary files. This is achieved by providing a full pathname in the SavePkcs8File method.

Recommendations For Chilkat FTP 2.0 ActiveX component, consider disabling the SavePkcs8File method until a patch is available to prevent remote attackers from overwriting arbitrary files.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2008-4583

Produtos afetados

Chilkat Ftp 2.0 Activex

PT-2008-5800 · Chilkat · Chilkat Ftp 2.0 Activex

CVE-2008-4583

Identificadores relacionados

Produtos afetados

Referências · 4