Summary
The host is installed Chilkat Crypt, which is prone to ActiveX Control based arbitrary file overwrite vulnerability.
Impact
Successful exploitation will allow execution of arbitrary code.
Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
A workaround is to Set the kill-bit for the CLSID {3352B5B9-82E8-4FFD-9EB1-1A3E60056904}.
Insight
The vulnerability is due to the error in the 'ChilkatCrypt2.dll' ActiveX Control component that does not restrict access to the 'WriteFile()' method.
Affected
Chilkat Crypt ActiveX Component version 4.3.2.1 and prior
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2008-5002 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Windows)
- Adobe AIR Multiple Vulnerabilities-01 Dec13 (Windows)
- Adobe Flash Player Code Execution and DoS Vulnerabilities (Linux)
- Adobe AIR Multiple Vulnerabilities -01 Feb13 (Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities April-2012 (Mac OS X)