CVE-2013-5024

Published Aug 6, 2013

Last updated 11 years ago

Overview

Description: An ActiveX control in NationalInstruments.Help2.dll in National Instruments NI .NET Class Library Help, as used in Measurement Studio 2013 and earlier and other products, allows remote attackers to obtain sensitive information about the existence of registry keys via crafted (1) key-open or (2) key-close method calls.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ni:measurementstudio:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A12E5F42-B2FC-48F4-8D04-5B59A3869461",
            "versionEndIncluding": "2013"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References