CVE-2008-4343

Chilkat Software Chilkat Xml Activex ... - Improper Input Validation

Title source: rule

Description

The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) 3.0.3.0 and earlier allows remote attackers to create, overwrite, and modify arbitrary files for execution via a call to the (1) SaveToFile, (2) SaveToTempFile, or (3) AppendBinary method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/6537

View Code ZIP pw:eip

References (5)

[Vendor Advisory] http://secunia.com/advisories/31951

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45333

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6537

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31332

[Exploit, URL Repurposed] http://www.shinnai.net/xplits/TXT_rNowA1916DKFNUF48NyS

Scores

EPSS 0.0653

EPSS Percentile 91.2%

Details

CWE

CWE-20

Status published

Products (1)

chilkat_software/chilkat_xml_activex_control < 3.0.3.0

Published Sep 30, 2008

Tracked Since Feb 18, 2026