CVE-2013-5022

Published Aug 6, 2013

Last updated 11 years ago

Overview

Description: Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-22

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3815CFE4-4E5E-44BB-B206-520C39DE3674",
            "versionEndIncluding": "2012"
          },
          {
            "criteria": "cpe:2.3:a:ni:labwindows:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC46A398-C8F3-49B2-BDDE-20DEA80EC941",
            "versionEndIncluding": "2012"
          },
          {
            "criteria": "cpe:2.3:a:ni:measurementstudio:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A12E5F42-B2FC-48F4-8D04-5B59A3869461",
            "versionEndIncluding": "2013"
          },
          {
            "criteria": "cpe:2.3:a:ni:teststand:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68051582-D70F-4B32-A9F9-64A5E33CB481",
            "versionEndIncluding": "2012"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References