CVE-2007-4252
CHILKAT ASP String CkString.dll 1.1 - Absolute Path Traversal via SaveToFile Method
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-4252. PoCs published by shinnai.
AI-analyzed exploit summary: This exploit targets a vulnerability in Chilkat ASP String (CkString.dll <= 1.1) by using the insecure 'SaveToFile()' method to write arbitrary files. It demonstrates creating a batch file on the target system via VBScript in a web context.
Description
Absolute path traversal vulnerability in a certain ActiveX control in CkString.dll 1.1 and earlier in CHILKAT ASP String allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveToFile method, a different vulnerability than CVE-2007-3633.