PT-2013-5333 · National Instruments · Labwindows/Cvi+1
Published: 2013-08-06 · Updated: 2013-09-18
CVE-2013-5022
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
National Instruments LabWindows/CVI versions prior to 2012 SP1
National Instruments LabVIEW versions prior to 2012 SP1
Description
The issue allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the Caption or FormatString property value. This can be exploited by providing a full pathname in the argument to the ExportStyle method.
Recommendations
For National Instruments LabWindows/CVI versions prior to 2012 SP1, update to a version later than 2012 SP1.
For National Instruments LabVIEW versions prior to 2012 SP1, update to a version later than 2012 SP1.
As a temporary workaround, consider restricting the use of the ExportStyle method until a patch is available.
Avoid using the Caption and FormatString property values in the affected ActiveX control until the issue is resolved.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Labview
Labwindows/Cvi