CVE-2009-0301

FlexCell Grid Control 5.6.9 - Arbitrary File Write via SaveFile and ExportToXML Methods

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0301. PoCs published by Houssamix.

AI-analyzed exploit summary This exploit leverages an unsafe ActiveX control (FlexCell Grid Control 5.6.9) to overwrite arbitrary files on the victim's system via the SaveFile method. The vulnerability arises from the control's lack of proper safety checks, allowing file writes to arbitrary locations.

Description

Multiple insecure method vulnerabilities in the FlexCell.Grid ActiveX control (FlexCell.ocx) in FlexCell Grid Control 5.6.9 allow remote attackers to create and overwrite arbitrary files via the (1) SaveFile and (2) ExportToXML methods.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Houssamix · htmlremotewindows
https://www.exploit-db.com/exploits/7868

This exploit leverages an unsafe ActiveX control (FlexCell Grid Control 5.6.9) to overwrite arbitrary files on the victim's system via the SaveFile method. The vulnerability arises from the control's lack of proper safety checks, allowing file writes to arbitrary locations.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: FlexCell Grid Control 5.6.9
No auth needed
Prerequisites: Victim must open the malicious HTML file in a browser with ActiveX enabled · FlexCell Grid Control 5.6.9 must be installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7868
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33453
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33664

Scores

EPSS 0.0196
EPSS Percentile 77.7%

Details

Status published
Products (1)
grid2000/flexcell_grid_control 5.6.9
Published Jan 27, 2009
Tracked Since Feb 18, 2026