CVE-2008-6959

Chilkat Socket ActiveX <2.3.1.1 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6959. PoCs published by Zigma.

AI-analyzed exploit summary This exploit leverages an arbitrary file creation vulnerability in ChilkatSocket.DLL (version 2.3.1.1) via an unsafe ActiveX control. The PoC uses VBScript to call the 'SaveLastError' method, allowing an attacker to write a file to an arbitrary location on the system.

Description

Insecure method vulnerability in the Chilkat Socket ActiveX control (ChilkatSocket.ChilkatSocket.1) in ChilkatSocket.dll 2.3.1.1 allows remote attackers to overwrite arbitrary files via the SaveLastError method. NOTE: this might be related to CVE-2008-1647.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Zigma · htmlremotewindows
https://www.exploit-db.com/exploits/7142

This exploit leverages an arbitrary file creation vulnerability in ChilkatSocket.DLL (version 2.3.1.1) via an unsafe ActiveX control. The PoC uses VBScript to call the 'SaveLastError' method, allowing an attacker to write a file to an arbitrary location on the system.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: ChilkatSocket.DLL version 2.3.1.1
No auth needed
Prerequisites: Victim must open the HTML file in a browser with ActiveX enabled · ChilkatSocket.DLL must be registered on the system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/49902
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46657
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32738
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7142
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32333

Scores

EPSS 0.0573
EPSS Percentile 92.1%

Details

Status published
Products (1)
chilkatsoft/chilkat_socket
Published Aug 12, 2009
Tracked Since Feb 18, 2026