CVE-2008-5002

Exploitation Summary

EIP tracks 3 public exploits for CVE-2008-5002. PoCs published by Metasploit, shinnai, shinnai, jduck, including Metasploit module exploits/windows/browser/chilkat_crypt_writefile.

AI-analyzed exploit summary This exploit leverages the 'WriteFile' unsafe method in Chilkat Crypt ActiveX control to write and execute arbitrary payloads. It uses the hcp:// protocol to trigger execution, requiring administrative privileges and targeting older Windows versions.

Description

Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16518

View Code ZIP pw:eip

This exploit leverages the 'WriteFile' unsafe method in Chilkat Crypt ActiveX control to write and execute arbitrary payloads. It uses the hcp:// protocol to trigger execution, requiring administrative privileges and targeting older Windows versions.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Chilkat Crypt ActiveX control (ChilkatCrypt2.DLL version 4.4.4.0 and earlier)

No auth needed

Prerequisites: Victim must be using Internet Explorer with ActiveX enabled · Victim must have administrative privileges · Target system must be running an older version of Windows

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1218.002 - Control Panel

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/6963

View Code ZIP pw:eip

This exploit leverages the Chilkat Crypt ActiveX component's WriteFile method to create and execute arbitrary files. It writes a malicious executable to disk and uses the hcp:// protocol to trigger execution via a Microsoft control (compatUI.dll).

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Chilkat Crypt ActiveX Component (ChilkatCrypt2.dll)

No auth needed

Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · Chilkat Crypt ActiveX component must be installed

MITRE ATT&CK

T1218 - System Binary Proxy Execution T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by shinnai, jduck · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/chilkat_crypt_writefile.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2008-5002 by leveraging the unsafe 'WriteFile' method in Chilkat Crypt ActiveX control to write and execute arbitrary payloads. It uses an hcp:// protocol URI to trigger immediate execution, requiring Administrator privileges.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Chilkat Crypt ActiveX (ChilkatCrypt2.DLL version 4.4.4.0 and earlier)

No auth needed

Prerequisites: Victim must visit a malicious webpage · ActiveX controls enabled in browser · Administrator privileges for hcp:// execution

MITRE ATT&CK