CVE-2013-5022
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
06/08/2013
Last modified:
11/04/2025
Description
Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:* | 2012 (including) | |
| cpe:2.3:a:ni:labwindows:*:*:*:*:*:*:*:* | 2012 (including) | |
| cpe:2.3:a:ni:measurementstudio:*:*:*:*:*:*:*:* | 2013 (including) | |
| cpe:2.3:a:ni:teststand:*:*:*:*:*:*:*:* | 2012 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://digital.ni.com/public.nsf/allkb/782E4F31442D833186257BD3004AEB47?OpenDocument=
- http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument=
- http://digital.ni.com/public.nsf/websearch/C4619A438F7E78E486257B360050BD7D?OpenDocument=
- http://digital.ni.com/public.nsf/allkb/782E4F31442D833186257BD3004AEB47?OpenDocument=
- http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument=
- http://digital.ni.com/public.nsf/websearch/C4619A438F7E78E486257B360050BD7D?OpenDocument=