The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the single pathname argument, as demonstrated by a directory traversal attack.
References
Link | Resource |
---|---|
http://ics-cert.us-cert.gov/advisories/ICSA-13-295-01 | Patch US Government Resource |
http://www.exploit-db.com/exploits/28085/ |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2022-10-03T16:14:50
Updated: 2022-10-03T16:14:50
Reserved: 2022-10-03T00:00:00
Link: CVE-2013-6128
JSON object: View
NVD Information
Status : Analyzed
Published: 2013-10-25T20:55:03.517
Modified: 2013-10-28T13:39:05.637
Link: CVE-2013-6128
JSON object: View
Redhat Information
No data.
CWE