CVE-2011-5289

aTube Catcher 2.3.570 - Arbitrary File Write via SaveDecrypted Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-5289. PoCs published by shinnai.

AI-analyzed exploit summary This exploit leverages the Chilkat Crypt ActiveX component's WriteFile method to create and execute arbitrary files. It writes a malicious executable to disk and uses the hcp:// protocol to trigger execution via a Microsoft control (compatUI.dll).

Description

The SaveDecrypted method in the ChilkatCrypt2.ChilkatOmaDrm.1 ActiveX control in ChilkatCrypt2.dll in aTube Catcher 2.3.570 allows remote attackers to write to arbitrary files via a pathname in the argument.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/6963

View Code ZIP pw:eip

This exploit leverages the Chilkat Crypt ActiveX component's WriteFile method to create and execute arbitrary files. It writes a malicious executable to disk and uses the hcp:// protocol to trigger execution via a Microsoft control (compatUI.dll).

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Chilkat Crypt ActiveX Component (ChilkatCrypt2.dll)

No auth needed

Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · Chilkat Crypt ActiveX component must be installed

MITRE ATT&CK

T1218 - System Binary Proxy Execution T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit x_refsource_misc

https://www.htbridge.com/advisory/HTB23013

Scores

EPSS 0.0225

EPSS Percentile 80.6%

Details

CWE

CWE-264

Status published

Products (1)

diego_uscanga/atube_catcher 2.3.570

Published Jan 01, 2015

Tracked Since Feb 18, 2026