Chilkat Crypt ActiveX WriteFile Unsafe Method

Disclosed
2008-11-03
Created
2018-05-30

Description

This module allows attackers to execute code via the 'WriteFile' unsafe method of
Chilkat Software Inc's Crypt ActiveX control.

This exploit is based on shinnai's exploit, which uses an hcp:// protocol URI to
execute our payload immediately. However, this method requires that the victim user
be browsing with Administrator privileges. Additionally, this method will not work on
newer versions of Windows.

NOTE: This vulnerability is still unpatched. The latest version of Chilkat Crypt at
the time of this writing includes ChilkatCrypt2.DLL version 4.4.4.0.

Authors

shinnai
jduck <jduck@metasploit.com>

Platform

Windows

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


msf > use exploit/windows/browser/chilkat_crypt_writefile
msf exploit(chilkat_crypt_writefile) > show targets
...targets...
msf exploit(chilkat_crypt_writefile) > set TARGET <target-id>
msf exploit(chilkat_crypt_writefile) > show options
...show and set options...
msf exploit(chilkat_crypt_writefile) > exploit
