7 matches found
KingScada kxClientDownload.ocx ActiveX - Remote Code Execution
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::BrowserExploitServer include...
WellinTech Multiple Products kxClientDownload ActiveX Remote Code Execution (CVE-2013-2827)
A remote code execution vulnerability exists in WellinTech multiple products. The vulnerability exists in ClientDownload.ocx ActiveX control and is due to insufficient sanitization of ProjectURL property. A remote unauthenticated attacker can leverage this vulnerability to download and load an...
KingSCADA/KingGraphic远程代码执行漏洞
CVECAN ID: CVE-2013-2827 KingSCADA系列产品是基于Windows的控制、监督和数据收集应用程序。 KingSCADA、KingGraphic 3.1及之前版本处理 "ProjectURL" 属性时,ActiveX组件内出现错误,成功利用后可导致下载并执行任意代码。 0 kingview KingSCADA = 3.1 kingview KingGraphic = 3.1 厂商补丁: kingview -------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.kingview.com...
CVE-2013-2827
creationtimestamp| type| source ---|---|--- 2014-02-11 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/31575 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/wellintechkingscadakxclientdownload.rb 2025-02-0...
KingScada - kxClientDownload.ocx ActiveX Remote Code Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'KingScada kxClientDownload.ocx ActiveX Remote Code Execution', 'Description' = %q This module abuses the kxClientDownload.ocx ActiveX...
KingScada kxClientDownload.ocx ActiveX Remote Code Execution
This module abuses the kxClientDownload.ocx ActiveX control distributed with WellingTech KingScada. The ProjectURL property can be abused to download and load arbitrary DLLs from arbitrary locations, leading to arbitrary code execution, because of a dangerous usage of LoadLibrary. Due to the natu...
CVE-2013-2827
CVE-2013-2827 concerns an unresolved ActiveX control in WellinTech KingSCADA (before 3.1.2), KingAlarm&Event (before 3.1), and KingGraphic (before 3.1.2) that allows remote code execution by abusing the ProjectURL property to download and execute a DLL on a client. Root cause: insufficient saniti...