CVE-2008-7022

Chilkat IMAP ActiveX Control - LoadXmlEmail Code Execution

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7022. PoCs published by e.wiZz!.

AI-analyzed exploit summary: This exploit leverages a vulnerability in Chilkat IMAP ActiveX (CVE-2008-7022) by calling the 'LoadXmlEmail' function with an arbitrary file path, leading to file execution and potential DoS in Internet Explorer. The PoC demonstrates the flaw by executing 'mirc.exe' via the vulnerable ActiveX control.

Description

Insecure method vulnerability in ChilkatMail_v7_9.dll in the Chilkat Software IMAP ActiveX control (ChilkatMail2.ChilkatMailMan2.1) allows remote attackers to execute arbitrary programs via the LoadXmlEmail method.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by e.wiZz! · html · remote · windows
https://www.exploit-db.com/exploits/6600

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Chilkat IMAP ActiveX (ChilkatMail_v7_9.dll)
No auth needed
Prerequisites: Victim must have the vulnerable Chilkat IMAP ActiveX control installed · Victim must visit a malicious webpage hosting the exploit
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6600
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45532

Scores

EPSS 0.0482
EPSS Percentile 90.8%

Details

Status published
Products (1)
chilkatsoft/chilkat_imap_activex_control 7.9
Published Aug 21, 2009
Tracked Since Feb 18, 2026