File Manipulation Flaw in WellinTech KingView Affects Security
CVE-2013-6127

Currently unrated

Key Information:

Vendor: Wellintech
Status: Kingview
Vendor: CVE Published:; 25 October 2013

Summary

The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx versions before 65.30.30000.10002 presents a security concern in WellinTech KingView prior to version 6.53. It inadequately restricts calls to the ReplaceDBFile method, enabling remote attackers to exploit this flaw. By leveraging directory traversal techniques, they can potentially create or overwrite arbitrary files on the server, leading to unauthorized execution of programs. This vulnerability emphasizes the critical need for prompt updates and security reviews in applications utilizing ActiveX controls.

References

http://www.exploit-db.com/exploits/28084/

exploitx_refsource_EXPLOIT-DB

http://ics-cert.us-cert.gov/advisories/ICSA-13-295-01

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 25, 2013