Lucene search

[email protected]CVE-2017-2779

HistorySep 05, 2017 - 6:29 p.m.

CVE-2017-2779

2017-09-0518:29:00

CWE-787

[email protected]

web.nvd.nist.gov

labview

rsrc

memory corruption

vulnerability

code execution

cve-2017-2779

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.3%

JSON

An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (VI) file can cause an attacker controlled looping condition resulting in an arbitrary null write. An attacker controlled VI file can be used to trigger this vulnerability and can potentially result in code execution.

Affected configurations

Vulners

NVD

Node

national_instrumentslabviewRange≤16.0

VendorProductVersionCPE
national_instrumentslabview*cpe:2.3:a:national_instruments:labview:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
national_instruments	labview	*	cpe:2.3:a:national_instruments:labview::::::::

CNA Affected

[
  {
    "product": "LabVIEW 2016",
    "vendor": "National Instruments",
    "versions": [
      {
        "status": "affected",
        "version": "16.0"
      }
    ]
  }
]