Vulnerability Description
Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chilkat Software | Chilkat Crypt Activex Control | 2.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/32513Vendor Advisory
- http://securityreason.com/securityalert/4571
- http://www.securityfocus.com/bid/32073
- http://www.vupen.com/english/advisories/2008/2998
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46315
- https://www.exploit-db.com/exploits/6963
- http://secunia.com/advisories/32513Vendor Advisory
- http://securityreason.com/securityalert/4571
- http://www.securityfocus.com/bid/32073
- http://www.vupen.com/english/advisories/2008/2998
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46315
- https://www.exploit-db.com/exploits/6963
FAQ
What is CVE-2008-5002?
CVE-2008-5002 is a vulnerability with a CVSS score of 9.3 (HIGH). Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitr...
How severe is CVE-2008-5002?
CVE-2008-5002 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5002?
Check the references section above for vendor advisories and patch information. Affected products include: Chilkat Software Chilkat Crypt Activex Control.