CVE-2013-5022
Last modified
CVE-2013-5022 is a vulnerability of currently unknown severity. Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value.. EPSS estimates a 2.57% chance of exploitation in the next 30 days.
Description
Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ni | Labview | <= 2012 |
| Ni | Labwindows | <= 2012 |
| Ni | Measurementstudio | <= 2013 |
| Ni | Teststand | <= 2012 |
References
- http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocumentPatch, Vendor Advisory
- http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocumentPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-5022?
How severe is CVE-2013-5022?
How do I fix CVE-2013-5022?
Are you affected by CVE-2013-5022?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST