Path Traversal Vulnerability in National Instruments LabWindows/CVI and LabVIEW
CVE-2013-5022

Currently unrated

Key Information:

Vendor: Ni
Status: Teststand; Measurementstudio; Labview; Labwindows
Vendor: CVE Published:; 6 August 2013

What is CVE-2013-5022?

The vulnerability allows remote attackers to exploit an absolute path traversal flaw in the 3D Graph ActiveX control. By manipulating the ExportStyle method with specially crafted arguments, attackers can create and execute arbitrary files. This is possible by using full pathnames, which can be embedded in the Caption or FormatString properties. Users of affected products should apply necessary patches to mitigate the risk.

References

http://digital.ni.com/public.nsf/allkb/782E4F31442D833186...

x_refsource_CONFIRM

http://digital.ni.com/public.nsf/websearch/C4619A438F7E78...

x_refsource_CONFIRM

http://digital.ni.com/public.nsf/websearch/507DEC9DA57A70...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2013
Vulnerability Reserved
Jul 31, 2013

Ni

What is CVE-2013-5022?

References

Timeline