CVE-2013-5021 – ABB DataManager National Instruments Multiple ActiveX Controls cwui.ocx ExportStyle() Method Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2013-5021

11 Jun 2013 — Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunc... • http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •