PT-2008-6172 · Chilkat · Chilkat Crypt Activex

Shinnai

Published

2008-11-10

Updated

2017-09-29

CVE-2008-5002

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Chilkat Crypt ActiveX Component version 4.3.2.1

Description The issue allows remote attackers to create and overwrite arbitrary files via the WriteFile method, potentially leading to code execution by creating executable files in Startup folders or accessing files using hcp:// URLs.

Recommendations For version 4.3.2.1, consider disabling the WriteFile method until a patch is available to prevent remote attackers from creating and overwriting arbitrary files.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2008-5002

Affected Products

Chilkat Crypt Activex

PT-2008-6172 · Chilkat · Chilkat Crypt Activex

CVE-2008-5002

Weakness Enumeration

Related Identifiers

Affected Products

References · 9