Signature Detail
Short Name |
HTTP:STC:ACTIVEX:CHILKAT-CRYPT |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Chilkat Crypt ActiveX WriteFile method Overrite Arbitrary file |
Release Date |
2011/11/15 |
Update Number |
2030 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Chilkat Crypt ActiveX WriteFile method Overrite Arbitrary file
This signature detects attempts to use unsafe ActiveX controls in the Chilkat Crypt Component. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Chilkat Crypt ActiveX control is prone to a vulnerability that let attackers overwrite files with arbitrary, attacker-controlled content. Successful exploits will compromise affected computers and will aid in further attacks. Chikat Crypt ActiveX control 2.1 is vulnerable; other versions may also be affected.
Affected Products
- Chilkat Chilkat Crypt ActiveX 2.1
References
- BugTraq: 32073
- CVE: CVE-2008-5002