CVE-2013-5022 Information

Description

Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier LabVIEW 2012 SP1 and earlier and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in conjunction with file content in the (1) Caption or (2) FormatString property value.

Reference

http://digital.ni.com/public.nsf/allkb/782E4F31442D833186257BD3004AEB47?OpenDocument http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument http://digital.ni.com/public.nsf/websearch/C4619A438F7E78E486257B360050BD7D?OpenDocument