Lucene search
IcscertCVELIST:CVE-2013-6128HistoryOct 25, 2013 - 8:00 p.m.
CVE-2013-6128
2013-10-2520:00:00
icscert
www.cve.org
3
activex control
wellintech kingview
remote attackers
arbitrary files
arbitrary programs
The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the single pathname argument, as demonstrated by a directory traversal attack.
Related
exploitdb
exploitdb
KingView 6.53 - 'KChartXY' ActiveX File Creation / Overwrite
2013-09-04 00:00:00
nvd
nvd
CVE-2013-6128
2013-10-25 20:55:03
prion
prion
Directory traversal
2013-10-25 20:55:00
checkpoint_advisories
checkpoint_advisories
KingView ActiveX Control Directory Traversal - Ver2 (CVE-2013-6128)
2014-03-31 00:00:00
cve
cve
CVE-2013-6128
2013-10-25 20:55:03
ics
ics
WellinTech KingView ActiveX Vulnerabilities
2013-12-17 12:00:00