Vulnerabilities > CVE-2007-3633 - Arbitrary File Overwrite vulnerability in Chilkat Software Chilkat ZIP Activex Control 12.4.2.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveLastError method and probably the (2) WriteExe method.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Chilkat Zip ActiveX Component 12.4 Multiple Insecure Methods Exploit. CVE-2007-3633. Remote exploit for windows platform |
| file | exploits/windows/remote/4160.html |
| id | EDB-ID:4160 |
| last seen | 2016-01-31 |
| modified | 2007-07-07 |
| platform | windows |
| port | |
| published | 2007-07-07 |
| reporter | shinnai |
| source | https://www.exploit-db.com/download/4160/ |
| title | Chilkat Zip ActiveX Component 12.4 - Multiple Insecure Methods Exploit |
| type | remote |
References
- http://osvdb.org/37676
- http://secunia.com/advisories/25962
- http://secunia.com/advisories/48967
- http://secunia.com/advisories/48968
- http://www.securityfocus.com/bid/24806
- http://www.vupen.com/english/advisories/2007/2464
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35294
- https://www.exploit-db.com/exploits/4160