Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) 3.0.3.0 and earlier allows remote attackers to create, overwrite, and modify arbitrary files for execution via a call to the (1) SaveToFile, (2) SaveToTempFile, or (3) AppendBinary method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Chilkat XML ActiveX控件不安全方式调用漏洞
Vulnerability Description
Chilkat XML ActiveX是免费的XML解析器组件。 ChilkatUtil.dll库所提供的ChilkatUtil.CkData.1 ActiveX控件包含有不安全的SaveToFile()和AppendBinary()方式。如果向SaveToFile()和SaveToTempFile()方式提供了恶意filename或templateFilename参数的话,就可能导致保存或覆盖指定的文件;此外攻击者还可以利用AppendBinary()方式向已创建的文件附加任意字节。
CVSS Information
N/A
Vulnerability Type
N/A