1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Chilkat Zip Activex File Overwrite

HTTP Chilkat Zip Activex File Overwrite

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a file overwrite vulnerability in Chilkat Zip.

Additional Information

Chilkat Zip is an ActiveX control that allows users to compress and decompress files.

The ActiveX control is prone to multiple vulnerabilities that let attackers overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). These issues occur because the application fails to sanitize user-supplied input to the 'SaveLastError' and 'WriteExe' method of the 'ChilkatZip2.dll' library. These issues occur in the ActiveX control with CLSID: DB90DEA9-0897-4B02-9FE0-1E321A22EAB0.

An attacker can exploit these issues to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

These issues affect Chilkat Zip 12.4.2.0; other versions may also be affected.

Affected

  • Chilkat Zip 12.4.2.0
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube