CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-2017-2779
https://notcve.org/view.php?id=CVE-2017-2779
05 Sep 2017 — An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (VI) file can cause an attacker controlled looping condition resulting in an arbitrary null write. An attacker controlled VI file can be used to trigger this vulnerability and can potentially result in code execution. Existe una vulnerabilidad de corrupción de memoria explotable en la funcionalidad de análisis de... • http://www.ni.com/product-documentation/54099/en • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 4%CPEs: 1EXPL: 1CVE-2017-2775
https://notcve.org/view.php?id=CVE-2017-2775
31 Mar 2017 — An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled VI file can be used to trigger this vulnerability, exploitation could lead to remote code execution. Existe una vulnerabilidad de corrupción de memoria explotable en la funcionalida... • http://www.ni.com/product-documentation/53778/en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2013-5022
https://notcve.org/view.php?id=CVE-2013-5022
06 Aug 2013 — Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value. Una vulnerabilidad de salto de ruta (path) en el control de 3D Graph ActiveX en el archivo cw3dgrph.ocx ... • http://digital.ni.com/public.nsf/allkb/782E4F31442D833186257BD3004AEB47?OpenDocument • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2013-5023
https://notcve.org/view.php?id=CVE-2013-5023
06 Aug 2013 — The ActiveX controls in the HelpAsst component in NI Help Links in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allow remote attackers to cause a denial of service by triggering the display of local .chm files. Vulnerabilidad sin especificar en un control ActiveX en el componente HelpAsst en NI Help Links in National Instruments LabWindows/CVI, LabVIEW, y otros productos, tiene un impacto desconocido y vectores de ataque remotos. • http://digital.ni.com/public.nsf/allkb/E6BC4F119D49A97A86257BD3004FE019?OpenDocument •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-5024
https://notcve.org/view.php?id=CVE-2013-5024
06 Aug 2013 — An ActiveX control in NationalInstruments.Help2.dll in National Instruments NI .NET Class Library Help, as used in Measurement Studio 2013 and earlier and other products, allows remote attackers to obtain sensitive information about the existence of registry keys via crafted (1) key-open or (2) key-close method calls. Vulnerabilidad sin especificar en un control ActiveX en NationalInstruments.Help2.dll en National Instruments NI .NET Class Library Help tiene un impacto y vectores de ataque desconocidos. • http://digital.ni.com/public.nsf/allkb/548965C170D6AA2586257BD3004B146B?OpenDocument •
CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 0CVE-2013-5025
https://notcve.org/view.php?id=CVE-2013-5025
06 Aug 2013 — An ActiveX control in exlauncher.dll in the Help subsystem in National Instruments LabWindows/CVI before 2013 allows remote attackers to cause a denial of service by triggering the display of local example files. Vulnerabilidad sin especificar en un control ActiveX en el subsistema Help en National Instruments LabWindows/CVI anterior a v2013 tiene un impacto y vectores de ataque desconocidos. • http://digital.ni.com/public.nsf/allkb/493D011EE5C305FD86257BCF006C8540?OpenDocument •
CVSS: 9.8EPSS: 4%CPEs: 3EXPL: 0CVE-2013-5026
https://notcve.org/view.php?id=CVE-2013-5026
06 Aug 2013 — An ActiveX control in lookout650.ocx, lookout660.ocx, and lookout670.ocx in National Instruments Lookout 6.5 through 6.7 allows remote attackers to execute arbitrary code by triggering the download of, and calls to, an arbitrary DLL file. Un control ActiveX en los archivos lookout650.ocx, lookout660.ocx y lookout670.ocx en Lookout de National Instruments versiones 6.5 hasta 6.7, permite a los atacantes remotos ejecutar código arbitrario activando la descarga de las llamadas hacia un archivo DLL arbitrario. • http://digital.ni.com/public.nsf/allkb/544407ECC5FEE44086257BCF00735D1F?OpenDocument •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2013-5021 – ABB DataManager National Instruments Multiple ActiveX Controls cwui.ocx ExportStyle() Method Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-5021
11 Jun 2013 — Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunc... • http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •