Arbitrary DLL Code Execution via ProjectURL Property in WellinTech KingSCADA, KingAlarm&Event, and KingGraphic

Arbitrary DLL Code Execution via ProjectURL Property in WellinTech KingSCADA, KingAlarm&Event, and KingGraphic

CVE-2013-2827 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value.

Learn more about our Web Application Penetration Testing UK.