Arbitrary Code Execution Vulnerability in NI Vision Software Using Third-Party Libraries
CVE-2024-12740
7HIGH
What is CVE-2024-12740?
The NI Vision Software utilizes a third-party library for image processing, which contains several vulnerabilities that could potentially lead to arbitrary code execution. An attacker can exploit these vulnerabilities if they successfully trick a user into opening a specially crafted file, thereby compromising the system's security. It's crucial for users to remain vigilant and apply necessary updates to mitigate the risks associated with these vulnerabilities.
Affected Version(s)
Data Record AD 0 <= 2.0
FlexRIO 0 < 25.0
FRC Game Tools 0 <= 25.0
References
CVSS V4
Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
kimiya working with Trend Micro Zero Day Initiative