QwikSec

Security Database

CVE

CWE

Training

CVE-2013-5021

Published: Aug 6, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf

x_refsource_CONFIRM

http://zerodayinitiative.com/advisories/ZDI-13-120/

x_refsource_MISC

http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument

x_refsource_CONFIRM

http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.