Chilkat HTTP ChilkatHttp.dll ActiveX控件不安全调用漏洞

BUGTRAQ ID: 28546 Chilkat HTTP是用于与服务器通讯的HTTP客户端组件。 Chilkat HTTP组件的ActiveX控件实现上存在漏洞，远程攻击者可能利用此漏洞非授权访问系统上的文件。 Chilkat HTTP组件的ChilkatHttp.ChilkatHttp.1和ChilkatHttp.ChilkatHttpRequest.1 ActiveX控件（ChilkatHttp.dll）没有正确地验证对SaveLastError方式的输入参数，如果用户受骗访问了恶意网页的话，就可能导致覆盖并破坏系统上的任意文件。 Chilkat Software...

Information disclosure

The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files. NOTE: some of these details are obtained...

CVE-2008-1647

The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files. NOTE: some of these details are obtained...

CVE-2008-1647

The CVE-2008-1647 entry concerns ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll versions 2.4.0.0, 2.3.0.0 and earlier. The vulnerability arises from exposing the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary f...