Chilkat Crypt ActiveX WriteFile Unsafe Method
| Disclosed | Created |
|---|---|
| Nov 3, 2008 | May 30, 2018 |
Description
This module allows attackers to execute code via the 'WriteFile' unsafe method of
Chilkat Software Inc's Crypt ActiveX control.
This exploit is based on shinnai's exploit that uses an hcp:// protocol URI to
execute our payload immediately. However, this method requires that the victim user
be browsing with Administrator privileges. Additionally, this method will not work on newer
versions of Windows.
NOTE: This vulnerability is still unpatched. The latest version of Chilkat Crypt at
the time of this writing includes ChilkatCrypt2.DLL version 4.4.4.0.
Authors
shinnai
jduck
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced'.