Vulnerability Details : CVE-2013-5022
Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value.
Vulnerability category: Directory traversal
Exploit prediction scoring system (EPSS) score for CVE-2013-5022
Probability of exploitation activity in the next 30 days: 0.62%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 76 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-5022
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2013-5022
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-5022
-
http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument
Error - Page Error - National InstrumentsPatch;Vendor Advisory
-
http://digital.ni.com/public.nsf/allkb/782E4F31442D833186257BD3004AEB47?OpenDocument
Error - Page Error - National Instruments
-
http://digital.ni.com/public.nsf/websearch/C4619A438F7E78E486257B360050BD7D?OpenDocument
Error - Page Error - National InstrumentsVendor Advisory
Products affected by CVE-2013-5022
- cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*
- cpe:2.3:a:ni:labwindows:*:*:*:*:*:*:*:*
- cpe:2.3:a:ni:measurementstudio:*:*:*:*:*:*:*:*
- cpe:2.3:a:ni:teststand:*:*:*:*:*:*:*:*