Description
Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveLastError method and probably the (2) WriteExe method.
Affected products
- chilkat_software / chilkat_zip_activex_control12.4.2.0 – 12.4.2.0
References
- EXPLOIThttps://www.exploit-db.com/exploits/4160
- MISChttp://osvdb.org/37676
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/2464
- VENDOR_ADVISORYhttp://secunia.com/advisories/48967
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/35294
- VENDOR_ADVISORYhttp://secunia.com/advisories/25962
- MISChttp://www.securityfocus.com/bid/24806
- VENDOR_ADVISORYhttp://secunia.com/advisories/48968