CVE-2007-3633

Name of the Vulnerable Software and Affected Versions ChilkatZip2.dll version 12.4.2.0

Description The issue is related to an absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control. This vulnerability allows remote attackers to create or overwrite arbitrary files by providing a full pathname in the argument to certain methods, specifically the (1) SaveLastError method and probably the (2) WriteExe method.

Recommendations For version 12.4.2.0, consider disabling the SaveLastError and WriteExe methods as a temporary workaround until a patch is available. Restrict access to these methods to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.