PT-2013-5949 · Wellintech · Kchartxy.Ocx+1

Blake · Published 2013-10-25 · Updated 2013-10-28 · CVE-2013-6128

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions

WellinTech KingView versions prior to 6.53
KChartXY.ocx versions prior to 65.30.30000.10002

Description

The issue concerns the KCHARTXYLib.KChartXY ActiveX control, which does not properly restrict SaveToFile method calls. This allows remote attackers to create or overwrite arbitrary files and subsequently execute arbitrary programs via a single pathname argument. A directory traversal attack can be used to exploit this issue.

Recommendations

For WellinTech KingView versions prior to 6.53, update to version 6.53 or later.
For KChartXY.ocx versions prior to 65.30.30000.10002, update to version 65.30.30000.10002 or later.
As a temporary workaround, consider restricting access to the SaveToFile method in the KChartXY.ocx control to minimize the risk of exploitation.

Exploit

Fix


Weakness Enumeration

Related identifiers

CVE-2013-6128

Affected products

Kchartxy.Ocx
Kingview