Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1647

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-1647
Last Modified 29 Oct 2012 11:09:45
Published 02 Apr 2008 01:44:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1647

Summary

The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Chilkat Software Chilkathttp Activex 2.3.0.0

  • Chilkat Software Chilkathttp Activex 2.4.0.0


References

VUPEN - ADV-2008-1050

MISC - http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1207033569.ff.php

BID - 28546

MILW0RM - 5338

SECUNIA - 29581

XF - chilkathttp-activex-file-overwrite(45988)


Last Updated: 27 May 2016 10:47:14