exploitDog

CVE-2013-6128

Опубликовано: 25 окт. 2013

Источник: nvd

CVSS2: 5.8

EPSS Низкий

Описание

The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the single pathname argument, as demonstrated by a directory traversal attack.

Ссылки

http://ics-cert.us-cert.gov/advisories/ICSA-13-295-01
Patch
US Government Resource
http://www.exploit-db.com/exploits/28085/
http://ics-cert.us-cert.gov/advisories/ICSA-13-295-01
Patch
US Government Resource
http://www.exploit-db.com/exploits/28085/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wellintech:kingview:*:*:*:*:*:*:*:*

Версия до 6.52 (включая)

EPSS

Процентиль: 93%

0.09981

Низкий

5.8 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-52x6-3hmc-r83m

github

больше 3 лет назад

The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the single pathname argument, as demonstrated by a directory traversal attack.

EPSS

Процентиль: 93%

0.09981

Низкий

5.8 Medium

CVSS2

Дефекты

CWE-264