CVE-2013-6128
published 2013-10-25

Priority: P339
Severity: medium, 5.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
EXPLOIT
EPSS: 2.56% (83.1th percentile)

The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the single pathname argument, as demonstrated by a directory traversal attack.

Affected

1 ranges
Vendor | Product | Version range | Fixed in
wellintech | kingview | <= 6.52 |