CVE-2013-6127

WellinTech KingView < 6.53 - Arbitrary File Write via SUPERGRIDLib.SuperGrid ReplaceDBFile Method


Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6127. PoCs published by blake.

AI-analyzed exploit summary: This exploit leverages an insecure ActiveX control (SuperGrid.ocx) in KingView 6.53 to copy arbitrary files from a source to a destination via the ReplaceDBFile method. It demonstrates file manipulation capabilities, potentially allowing an attacker to overwrite or exfiltrate files.

Description

The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the two pathname arguments, as demonstrated by a directory traversal attack.

Exploits (1)

exploitdb WORKING POC VERIFIED
by blake · html · local · windows
https://www.exploit-db.com/exploits/28084


Classification: Working PoC 95%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: KingView 6.53
No auth needed
Prerequisites: Victim must have KingView 6.53 installed · Victim must visit a malicious webpage hosting the exploit · ActiveX controls must be enabled in the browser
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/28084/
US Government Resource x_refsource_misc
http://ics-cert.us-cert.gov/advisories/ICSA-13-295-01

Scores

EPSS 0.1391
EPSS Percentile 96.1%

Details

CWE: CWE-22
Status: published
Products (3)
wellintech/kingview 3.0
wellintech/kingview 6.52
wellintech/kingview < 6.53
Published Oct 25, 2013
Tracked Since Feb 18, 2026