Directory Traversal Vulnerability in WellinTech KingView ActiveX Control
CVE-2013-6128

Currently unrated

Key Information:

Vendor

Wellintech

Status
Kingview
Vendor
CVE Published:
25 October 2013

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2013-6128?

The KCHARTXYLib.KChartXY ActiveX control found in WellinTech KingView versions prior to 6.53 is vulnerable to directory traversal attacks. This vulnerability allows remote attackers to manipulate the SaveToFile method, enabling them to create or overwrite arbitrary files on the system by passing specially crafted pathname arguments. Consequently, this can lead to the execution of arbitrary programs, posing significant security risks to the affected applications.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2013-6128 - Proof of Concept

References

http://www.exploit-db.com/exploits/28085/
exploitx_refsource_EXPLOIT-DB
http://ics-cert.us-cert.gov/advisories/ICSA-13-295-01
x_refsource_MISC

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

.