CVE-2008-5002

Published: 10/11/2008 Updated: 29/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 940

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote malicious users to create and overwrite arbitrary files via the WriteFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
chilkat software chilkat crypt activex control 2.1

## # $Id: chilkat_crypt_writefilerb 10394 2010-09-20 08:06:27Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core ...

----------------------------------------------------------------------------- Chilkat Crypt Activex Component Arbitrary File Creation/Execution url: wwwchilkatsoftcom File: ChilkatCrypt2dll CLSID: {3352B5B9-82E8-4FFD-9EB1-1A3E60056904} ProgID: ChilkatCrypt2ChilkatCrypt21 Descr: Chilkat Crypt2 Marked as: RegKey Safe for Script ...

CWE-20 http://www.securityfocus.com/bid/32073 http://secunia.com/advisories/32513 http://securityreason.com/securityalert/4571 http://www.vupen.com/english/advisories/2008/2998 https://exchange.xforce.ibmcloud.com/vulnerabilities/46315 https://www.exploit-db.com/exploits/6963 https://nvd.nist.gov https://www.exploit-db.com/exploits/16518/

CVE-2008-5002

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect