CVE-2017-2775

2017-03-3118:00:00

talos

www.cve.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

0.037 Low

EPSS

Percentile

91.8%

JSON

An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled VI file can be used to trigger this vulnerability, exploitation could lead to remote code execution.

CNA Affected

[
  {
    "product": "LabVIEW 2016 Evaluation",
    "vendor": "National Instruments",
    "versions": [
      {
        "status": "affected",
        "version": "16.0.0.49152"
      }
    ]
  }
]