1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Chilkat XML ActiveX Unsafe Method

HTTP Chilkat XML ActiveX Unsafe Method

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to a method(s) of Chilkat XML ActiveX control which may result in download of malicious content on the target machine.

Additional Information

The Chilkat XML ActiveX control is an XML parser application.

The control is prone to multiple vulnerabilities:

1. The following functions and parameters in the control are prone to arbitrary file-overwrite vulnerabilities:

'SaveToFile()': 'filename'
'SaveToTempFile()': 'templateFilename'

2. The 'AppendBinary()' function of the control allows an attacker to write arbitrary bytes into a created file.

The following ActiveX control and related CLSID are affected:

ChilkatUtil.CkData.1(ChilkatUtil.dll) : 5022FAE8-B780-4B78-B8DC-1AF1145A4F42

An attacker can exploit these issues by enticing an unsuspecting victim to view a malicious HTML page.

Successfully exploiting these issues will allow the attacker to create or overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

Affected

  • The Chilkat XML ActiveX control DLL 'ChilkatUtil.dll' 3.0.3.0 and prior versions are affected.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube