CVE-2013-2817

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric Automation MC-WorX Suite version 8.02

Description The issue allows remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click. This is made possible by a vulnerability in an ActiveX control in IcoLaunch.dll.

Recommendations For Mitsubishi Electric Automation MC-WorX Suite version 8.02, consider disabling the vulnerable ActiveX control in IcoLaunch.dll as a temporary workaround until a patch is available. Restrict access to the Login Client button to minimize the risk of exploitation.