CVE-2008-4343

Published: 30/09/2008 Updated: 14/02/2024

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) 3.0.3.0 and previous versions allows remote malicious users to create, overwrite, and modify arbitrary files for execution via a call to the (1) SaveToFile, (2) SaveToTempFile, or (3) AppendBinary method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.

Vulnerable Product	Search on Vulmon	Subscribe to Product
chilkat software chilkat xml activex control

----------------------------------------------------------------------------- Chilkat XML ActiveX Remote Arbitrary File Creation/Execution url: wwwchilkatsoftcom File: ChilkatUtildll <= 3030 CLSID: {5022FAE8-B780-4B78-B8DC-1AF1145A4F42} ProgID: ChilkatUtilCkData1 Descr: Chilkat CkData Marked as: RegKey Safe for Script: False ...

CWE-20 http://secunia.com/advisories/31951 http://www.shinnai.net/xplits/TXT_rNowA1916DKFNUF48NyS http://www.securityfocus.com/bid/31332 https://exchange.xforce.ibmcloud.com/vulnerabilities/45333 https://www.exploit-db.com/exploits/6537 https://nvd.nist.gov https://www.exploit-db.com/exploits/6537/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-4343

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect