CVE-2008-5002

Sažetak

Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.

Reference

http://secunia.com/advisories/32513
http://securityreason.com/securityalert/4571
http://www.securityfocus.com/bid/32073
http://www.vupen.com/english/advisories/2008/2998
https://exchange.xforce.ibmcloud.com/vulnerabilities/46315
https://www.exploit-db.com/exploits/6963

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-09-2017 - 01:32

Objavljeno

10-11-2008 - 14:12