CVE-2013-5022
National Instruments LabWindows/CVI <2012 SP1 - Path Traversal
Title source: llmDescription
Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value.
References (3)
Core 3
Core References
Various Sources x_refsource_confirm
http://digital.ni.com/public.nsf/allkb/782E4F31442D833186257BD3004AEB47?OpenDocument
Vendor Advisory x_refsource_confirm
http://digital.ni.com/public.nsf/websearch/C4619A438F7E78E486257B360050BD7D?OpenDocument
Patch, Vendor Advisory x_refsource_confirm
http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument
Scores
EPSS
0.0257
EPSS Percentile
83.3%
Details
CWE
CWE-22
Status
published
Products (4)
ni/labview
< 2012
ni/labwindows
< 2012
ni/measurementstudio
< 2013
ni/teststand
< 2012
Published
Aug 06, 2013
Tracked Since
Feb 18, 2026