CVE-2008-4583

Chilkat FTP 2.0 - Arbitrary File Write via SavePkcs8File Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4583. PoCs published by darkl0rd.

AI-analyzed exploit summary This exploit targets an insecure method in Chilkat FTP ActiveX 2.0 (ChilkatCert.dll), specifically the SavePkcs8File method, which allows arbitrary file creation on the victim's system. The PoC uses VBScript to trigger the vulnerability via Internet Explorer.

Description

Insecure method vulnerability in the Chilkat FTP 2.0 ActiveX component (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname in the SavePkcs8File method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by darkl0rd · htmlremotewindows

https://www.exploit-db.com/exploits/5028

View Code ZIP pw:eip

This exploit targets an insecure method in Chilkat FTP ActiveX 2.0 (ChilkatCert.dll), specifically the SavePkcs8File method, which allows arbitrary file creation on the victim's system. The PoC uses VBScript to trigger the vulnerability via Internet Explorer.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Chilkat FTP ActiveX 2.0 (ChilkatCert.dll)

No auth needed

Prerequisites: Victim must be using Internet Explorer and have the vulnerable ActiveX control installed

MITRE ATT&CK

T1218 - System Binary Proxy Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/4427

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/5028

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/27540

Scores

EPSS 0.0594

EPSS Percentile 92.3%

Details

Status published

Products (1)

chilkat_software/ftp 2.0

Published Oct 15, 2008

Tracked Since Feb 18, 2026