Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 06/08/2013 Updated: 07/11/2023

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and previous versions, National Instruments LabVIEW 2012 SP1 and previous versions, the Data Analysis component in ABB DataManager 1 up to and including 6.3.6, and other products allow remote malicious users to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ni teststand
ni measurementstudio
ni labview
ni labwindows
abb datamanager 1.0.0
abb datamanager 6.3.6

CWE-22 http://zerodayinitiative.com/advisories/ZDI-13-120/http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-5021

Vulnerability Summary

References

Vulmon Search

About

Products

Connect