Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 9.3
CVE Id: CVE-2008-4343
Last Modified: 01 Oct 2008 12:00:00
Published: 30 Sep 2008 01:22:09
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-4343

Summary

The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) 3.0.3.0 and earlier allows remote attackers to create, overwrite, and modify arbitrary files for execution via a call to the (1) SaveToFile, (2) SaveToTempFile, or (3) AppendBinary method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.

Vulnerable Systems

Application

  • Chilkat Software Chilkat XML ActiveX Control 3.0.3.0


References

XF - chilkatxml-chilkatutil-file-overwrite(45333)

MISC - http://www.shinnai.net/xplits/TXT_rNowA1916DKFNUF48NyS

BID - 31332

MILW0RM - 6537

SECUNIA - 31951


Last Updated: 27 May 2016 10:48:28