PT-2013-5948 · Wellintech · Supergrid.Ocx+1
Blake · Published 2013-10-25 · Updated 2013-10-28 · CVE-2013-6127
CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
WellinTech KingView versions prior to 6.53
SuperGrid.ocx versions prior to 65.30.30000.10002
Description
The SUPERGRIDLib.SuperGrid ActiveX control does not properly restrict calls to its ReplaceDBFile method. The method takes two caller-supplied pathname arguments and does not confine them, so a remote attacker can create or overwrite arbitrary files and subsequently execute arbitrary programs; directory traversal sequences in those pathname arguments are one way to exploit the issue.

Recommendations
For WellinTech KingView versions prior to 6.53, update to version 6.53 or later.
For SuperGrid.ocx versions prior to 65.30.30000.10002, update to version 65.30.30000.10002 or later.
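The flaw described above is the classic failure of trusting caller-supplied pathnames: a file-replace method that resolves both arguments without first checking that they stay inside the directory it is meant to manage. The following is an added example (not WellinTech's code) of the confinement check a safe implementation would apply to both ReplaceDBFile arguments before touching the filesystem. It uses Windows path semantics through Python's `ntpath` so it runs on any platform; the data directory `C:\KingView\Data` and the function names are assumptions for illustration, and the sample arguments are constructed.

```python
"""Path-confinement check for a ReplaceDBFile-style method.

Added example, not vendor code.  Both pathname arguments are resolved with
Windows semantics and rejected unless they land strictly below an allowed
data directory.  Cases handled: '..' segments, forward-slash variants,
rooted paths ('\\Windows\\...'), other drive letters, UNC paths, embedded
NUL bytes and alternate-data-stream suffixes ('file.db:hidden').
"""
import ntpath

# Assumption (not from the advisory): the control should only ever touch
# files under this data directory.
ALLOWED_BASE = r"C:\KingView\Data"


def confine(base: str, candidate: str):
    """Return the normalised absolute path of `candidate` resolved against
    `base`, or None if it does not end up strictly below `base`."""
    if "\x00" in candidate:
        # A NUL would truncate the string at the Win32 API boundary and make
        # the path the kernel sees differ from the one we validated.
        return None
    base_norm = ntpath.normcase(ntpath.normpath(base))
    # ntpath.join discards `base` when `candidate` is rooted, carries a drive
    # letter or is a UNC path; the prefix test below then rejects it.
    full = ntpath.normcase(ntpath.normpath(ntpath.join(base, candidate)))
    _, tail = ntpath.splitdrive(full)
    if ":" in tail:
        # Colon after the drive spec: alternate data stream or malformed path.
        return None
    if not full.startswith(base_norm + "\\"):
        # Equal to the base (empty name) or outside it (traversal, other
        # drive, UNC share, rooted path) -> reject.
        return None
    return full


def validate_replace_db_file(source: str, destination: str,
                             base: str = ALLOWED_BASE):
    """Validate both pathname arguments of a ReplaceDBFile-style call.

    Returns the two normalised paths, or raises ValueError naming the
    offending argument so the caller cannot fall through to the copy."""
    checked = {}
    for name, value in (("source", source), ("destination", destination)):
        resolved = confine(base, value)
        if resolved is None:
            raise ValueError(f"{name} path escapes {base}: {value!r}")
        checked[name] = resolved
    return checked["source"], checked["destination"]


if __name__ == "__main__":
    # Constructed sample arguments: one benign pair, several that must fail.
    samples = [
        ("new.db", "plant.db"),
        ("new.db", "..\\..\\Windows\\System32\\evil.exe"),
        ("../../Windows/evil.exe", "plant.db"),
        ("new.db", "\\Windows\\evil.exe"),
        ("new.db", "D:\\other.db"),
        ("new.db", "\\\\server\\share\\x.db"),
        ("new.db", "plant.db:hidden"),
    ]
    for src, dst in samples:
        try:
            print("ACCEPT", validate_replace_db_file(src, dst))
        except ValueError as exc:
            print("REJECT", exc)
```

The check normalises before comparing, so a `..` that stays inside the base (`sub\..\plant.db`) is accepted while any sequence that resolves above it is not; the prefix comparison uses `base + "\\"` so that a sibling directory with a longer name (`C:\KingView\Data2`) cannot pass either.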
As a temporary workaround, consider restricting access to the ReplaceDBFile method until a patch is available.

Exploit

Fix

Path traversal
Weakness Enumeration

Related identifiers

Affected products
Kingview
Supergrid.Ocx