The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the single pathname argument, as demonstrated by a directory traversal attack.
References
Link | Resource |
---|---|
http://ics-cert.us-cert.gov/advisories/ICSA-13-295-01 | Patch US Government Resource |
http://www.exploit-db.com/exploits/28085/ | |
http://ics-cert.us-cert.gov/advisories/ICSA-13-295-01 | Patch US Government Resource |
http://www.exploit-db.com/exploits/28085/ |
Configurations
History
21 Nov 2024, 01:58
Type | Values Removed | Values Added |
---|---|---|
References | () http://ics-cert.us-cert.gov/advisories/ICSA-13-295-01 - Patch, US Government Resource | |
References | () http://www.exploit-db.com/exploits/28085/ - |
Information
Published : 2013-10-25 20:55
Updated : 2024-11-21 01:58
NVD link : CVE-2013-6128
Mitre link : CVE-2013-6128
CVE.ORG link : CVE-2013-6128
JSON object : View
Products Affected
wellintech
- kingview
CWE
CWE-264
Permissions, Privileges, and Access Controls