VAR-201308-0294

Vulnerability from variot - Updated: 2023-12-18 12:52

Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value. Attackers can exploit this issue to create and execute arbitrary files in the context of the application (typically Internet Explorer) that is using the ActiveX control, which may aid in remote code execution. The following products are affected: LabVIEW 2012 and prior; LabWindows/CVI 2012 and prior; Measurement Studio 2013 and prior; TestStand 2012 and prior. The record below classifies the issue as CWE-22 and lists the NI security updates for cw3dgrph.ocx under "patch".


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201308-0294",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "teststand",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ni",
        "version": "2012"
      },
      {
        "model": "measurementstudio",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ni",
        "version": "2013"
      },
      {
        "model": "labview",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ni",
        "version": "2012"
      },
      {
        "model": "labwindows",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ni",
        "version": "2012"
      },
      {
        "model": "labview",
        "scope": null,
        "trust": 0.8,
        "vendor": "national instruments",
        "version": null
      },
      {
        "model": "labwindows/cvi",
        "scope": null,
        "trust": 0.8,
        "vendor": "national instruments",
        "version": null
      },
      {
        "model": "teststand",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ni",
        "version": "2012"
      },
      {
        "model": "measurementstudio",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ni",
        "version": "2013"
      },
      {
        "model": "labwindows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ni",
        "version": "2012"
      },
      {
        "model": "labview",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ni",
        "version": "2012"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003660"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5022"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-067"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2012",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ni:labwindows:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2012",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ni:measurementstudio:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2013",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ni:teststand:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2012",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5022"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andrea Micalizzi aka rgod working with Hewlett Packard\u0027s Zero Day Initiative.",
    "sources": [
      {
        "db": "BID",
        "id": "61828"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-5022",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.4,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2013-5022",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-5022",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-5022",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201308-067",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003660"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5022"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-067"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value. \nAttackers can exploit this issue to create and execute arbitrary files in the context of the application (typically Internet Explorer) that is using the ActiveX control, which may aid in a remote code execution. \nThe following products are affected:\nLabVIEW 2012 and prior\nLabWindows/CVI 2012 and prior\nMeasurement Studio 2013 and prior\nTestStand 2012 and prior",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003660"
      },
      {
        "db": "BID",
        "id": "61828"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-5022",
        "trust": 2.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003660",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-067",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "61828",
        "trust": 0.3
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "61828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003660"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5022"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-067"
      }
    ]
  },
  "id": "VAR-201308-0294",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.18333334
  },
  "last_update_date": "2023-12-18T12:52:06.161000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "How Does NI Security Update 67L8L0QW for cw3dgrph.ocx Affect Me?",
        "trust": 0.8,
        "url": "http://digital.ni.com/public.nsf/websearch/c4619a438f7e78e486257b360050bd7d?opendocument"
      },
      {
        "title": "How Do The NI Q2 2013 Security Updates Affect Me?",
        "trust": 0.8,
        "url": "http://digital.ni.com/public.nsf/websearch/507dec9da57a708186257b3600512623?opendocument"
      },
      {
        "title": "NI Q2 2013\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "http://digital.ni.com/public.nsf/websearchj/a13ef8e8ae2cfaa886257b750076ec0b?opendocument"
      },
      {
        "title": "cw3dgrph.ocx\u7528NI\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c3\u30d7\u30c7\u30fc\u30c867L8L0QW\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "http://digital.ni.com/public.nsf/websearchj/73fc56053f95119a86257b6c0073cc03?opendocument"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003660"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003660"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5022"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://digital.ni.com/public.nsf/websearch/507dec9da57a708186257b3600512623?opendocument"
      },
      {
        "trust": 1.9,
        "url": "http://digital.ni.com/public.nsf/websearch/c4619a438f7e78e486257b360050bd7d?opendocument"
      },
      {
        "trust": 1.0,
        "url": "http://digital.ni.com/public.nsf/allkb/782e4f31442d833186257bd3004aeb47?opendocument"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5022"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5022"
      },
      {
        "trust": 0.3,
        "url": "http://support.microsoft.com/kb/240797"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "61828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003660"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5022"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-067"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "61828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003660"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5022"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-067"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-08-19T00:00:00",
        "db": "BID",
        "id": "61828"
      },
      {
        "date": "2013-08-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003660"
      },
      {
        "date": "2013-08-06T20:55:05.413000",
        "db": "NVD",
        "id": "CVE-2013-5022"
      },
      {
        "date": "2013-08-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-067"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-19T08:44:00",
        "db": "BID",
        "id": "61828"
      },
      {
        "date": "2013-08-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003660"
      },
      {
        "date": "2013-09-18T03:30:09.033000",
        "db": "NVD",
        "id": "CVE-2013-5022"
      },
      {
        "date": "2013-08-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-067"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-067"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "National Instruments LabWindows/CVI and  LabVIEW Used in products such as  cw3dgrph.ocx Vulnerable to absolute path traversal",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003660"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-067"
      }
    ],
    "trust": 0.6
  }
}



Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

