SecPod ID: 10178

Chilkat Crypt ActiveX Control 'ChilkatCrypt2.dll' File Overwrite Vulnerability

Status: Public Report

Release Date: 11-11-2008

Severity: High

CVSS Base Score: 8.8 (AV:N/AC:M/Au:NR/C:C/I:C/A:N)

CVSS Temporal Score = 7.9

Affected Software/OS/Device:

Chilkat Crypt ActiveX Component version 4.3.2.1 and prior

Impact Level: Application

SecPod Nessus Plugin ID: 900171

Snort ID:

Vulnerability Insight:

Overview:

Chilkat Crypt is prone to ActiveX Control based arbitrary file overwrite vulnerability.

Description:

The vulnerability is caused due to error in the "ChilkatCrypt2.dll" ActiveX Control component that does not restrict access to the "WriteFile()" method.

Impact :

Successful exploitation will lead to execution of arbitrary code.

CVSS Score Report:    

    ACCESS_VECTOR = NETWORK
    ACCESS_COMPLEXITY = MEDIUM
    AUTHENTICATION = NOT_REQUIRED
    CONFIDENTIALITY_IMPACT = COMPLETE
    INTEGRITY_IMPACT = COMPLETE
    AVAILABILITY_IMPACT = NONE
    EXPLOITABILITY = PROOF_OF_CONCEPT
    REMEDIATION_LEVEL = UNAVAILABLE
    REPORT_CONFIDENCE = CONFIRMED

    CVSS Base Score = 8.8 (AV:N/AC:M/Au:NR/C:C/I:C/A:N)
    CVSS Temporal Score = 7.9

Fix:

Set a kill bit for the CLSID {3352B5B9-82E8-4FFD-9EB1-1A3E60056904}.
No solution/patch is available as on 05th November, 2008.

References:

http://milw0rm.com/exploits/6963

http://secunia.com/advisories/32513/

http://www.securityfocus.com/bid/32073

Home          Corporate          Resources          Report Security Bug          Blog