The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) 3.0.3.0 and earlier allows remote attackers to create, overwrite, and modify arbitrary files for execution via a call to the (1) SaveToFile, (2) SaveToTempFile, or (3) AppendBinary method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.
References
Link | Resource |
---|---|
http://secunia.com/advisories/31951 | Vendor Advisory |
http://www.securityfocus.com/bid/31332 | |
http://www.shinnai.net/xplits/TXT_rNowA1916DKFNUF48NyS | Exploit URL Repurposed |
https://exchange.xforce.ibmcloud.com/vulnerabilities/45333 | |
https://www.exploit-db.com/exploits/6537 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2008-09-30T17:00:00
Updated: 2017-09-28T12:57:01
Reserved: 2008-09-30T00:00:00
Link: CVE-2008-4343
JSON object: View
NVD Information
Status : Modified
Published: 2008-09-30T17:22:09.537
Modified: 2024-02-14T01:17:43.863
Link: CVE-2008-4343
JSON object: View
Redhat Information
No data.
CWE