PT-2008-5800 · Chilkat · Chilkat Ftp 2.0 Activex

Darkl0Rd

Published

2008-10-15

Updated

2017-09-29

CVE-2008-4583

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Chilkat FTP 2.0 ActiveX component (ChilkatCert.dll)

Description The issue is related to an insecure method in the Chilkat FTP 2.0 ActiveX component, which allows remote attackers to overwrite arbitrary files. This is achieved by providing a full pathname in the SavePkcs8File method.

Recommendations For Chilkat FTP 2.0 ActiveX component, consider disabling the SavePkcs8File method until a patch is available to prevent remote attackers from overwriting arbitrary files.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2008-4583

Affected Products

Chilkat Ftp 2.0 Activex

PT-2008-5800 · Chilkat · Chilkat Ftp 2.0 Activex

CVE-2008-4583

Related Identifiers

Affected Products

References · 4