CVE-2008-4343

Chilkat XML ActiveX Control < 3.0.3.0 - Arbitrary File Write via SaveToFile, SaveToTempFile, or AppendBinary Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4343. PoCs published by shinnai.

AI-analyzed exploit summary: This exploit leverages the Chilkat XML ActiveX control (CLSID: {5022FAE8-B780-4B78-B8DC-1AF1145A4F42}) to create and execute arbitrary files via the SaveToFile() and AppendBinary() methods. It writes a malicious executable to C:\HelloWorld.exe and triggers execution using the hcp:// protocol via a crafted HTML file.

Description

The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) 3.0.3.0 and earlier allows remote attackers to create, overwrite, and modify arbitrary files for execution via a call to the (1) SaveToFile, (2) SaveToTempFile, or (3) AppendBinary method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.

Exploits (1)

exploitdb WORKING POC VERIFIED
by shinnai · html · remote · windows
https://www.exploit-db.com/exploits/6537

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: ChilkatUtil.dll <= 3.0.3.0
Authentication: No auth needed
Prerequisites: Victim must open a malicious HTML file in Internet Explorer · ChilkatUtil.dll <= 3.0.3.0 must be installed
Analysis: devstral-2 · analyzed Feb 16, 2026

References (5)

Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31951
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45333
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6537
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31332
Exploit, URL Repurposed x_refsource_misc
http://www.shinnai.net/xplits/TXT_rNowA1916DKFNUF48NyS

Scores

EPSS 0.0868
EPSS Percentile 94.4%

Details

CWE: CWE-20
Status: published
Products (1): chilkat_software/chilkat_xml_activex_control < 3.0.3.0
Published: Sep 30, 2008
Tracked Since: Feb 18, 2026