CVE-2013-5021

Name of the Vulnerable Software and Affected Versions National Instruments LabWindows/CVI versions prior to 2012 SP1 National Instruments LabVIEW versions prior to 2012 SP1 ABB DataManager versions 1 through 6.3.6

Description The issue allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in various ActiveX controls, including CWNumEdit, CWGraph, CWBoolean, CWSlide, or CWKnob, in conjunction with file content in the Caption or FormatString property value.

Recommendations For National Instruments LabWindows/CVI versions prior to 2012 SP1, update to a version later than 2012 SP1. For National Instruments LabVIEW versions prior to 2012 SP1, update to a version later than 2012 SP1. For ABB DataManager versions 1 through 6.3.6, consider disabling the ExportStyle method in the affected ActiveX controls as a temporary workaround until a patch is available.