cbcvebase.
CVE-2013-2817
published 2014-02-24

CVE-2013-2817: An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs…

PriorityP354critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
5.93%
92.3th percentile
An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click.

Affected

1 ranges
VendorProductVersion rangeFixed in
mitsubishielectricmc-worx_suite<= 8.02

Detection & IOCsextracted from sources · hover to see the quote

filenameIcoLaunch.dll
  • Monitor for ActiveX instantiation of IcoLaunch.dll in browser processes, particularly when followed by child process execution.
  • Look for arbitrary process spawning (e.g., executables from remote UNC/share paths) triggered by a browser process loading IcoLaunch.dll, consistent with the PoC pattern of assigning a FileName property on the ActiveX object.
  • Alert on the FileName property being set on the IcoLaunch ActiveX control via script in a web page, especially to UNC paths or unusual executables.
  • Exploits are publicly available; treat any MC-WorX 8.02 host browsing untrusted HTML as high-risk for arbitrary code execution without authentication or privilege elevation.
  • ·Exploitation requires user interaction — the victim must click the Login Client button in the crafted HTML page; drive-by without a click will not trigger execution.
  • ·Only MC-WorX Suite version 8.02 is vulnerable; version 9.22 (released 2011) is not affected by this ActiveX issue.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.