CVE-2008-5002 : Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX contr

Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.

Published 2008-11-10 14:12:56

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2008-5002

Chilkat Software » Chilkat Crypt Activex Control » Version: 2.1
cpe:2.3:a:chilkat_software:chilkat_crypt_activex_control:2.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-5002

EPSS FAQ

66.50%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 98 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2008-5002

Chilkat Crypt ActiveX WriteFile Unsafe Method

Disclosure Date: 2008-11-03

First seen: 2020-04-26

exploit/windows/browser/chilkat_crypt_writefile

This module allows attackers to execute code via the 'WriteFile' unsafe method of Chilkat Software Inc's Crypt ActiveX control. This exploit is based on shinnai's exploit that uses an hcp:// protocol URI to execute our payload immediately. However, this method req

More information

CVSS scores for CVE-2008-5002

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-5002

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-5002

http://www.vupen.com/english/advisories/2008/2998
http://securityreason.com/securityalert/4571
https://exchange.xforce.ibmcloud.com/vulnerabilities/46315
http://secunia.com/advisories/32513

Vendor Advisory
http://www.securityfocus.com/bid/32073

Chilkat Crypt ActiveX Control 'ChilkatCrypt2.dll' Arbitrary File Overwrite Vulnerability
https://www.exploit-db.com/exploits/6963

Chilkat Crypt - ActiveX Arbitrary File Creation/Execution - Windows remote Exploit

Jump to