Lucene search
K

396 matches found

Prion
Prion
added 2017/09/05 6:29 p.m.18 views

Memory corruption

An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument VI file can cause an attacker controlled looping condition resulting in an arbitrary null write. An...

6.8CVSS7.9AI score0.02168EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2017/09/05 6:0 p.m.24 views

CVE-2017-2779

An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument VI file can cause an attacker controlled looping condition resulting in an arbitrary null write. An...

7.5CVSS7.9AI score0.02168EPSS
Exploits2References4
CVE
CVE
added 2017/09/05 6:0 p.m.88 views

CVE-2017-2779

The CVE-2017-2779 vulnerability affects National Instruments LabVIEW (LabVIEW 2016, 2017, 2015, 2014) where the RSRC segment parsing can be manipulated. In LabVIEW’s RSRC handling, the loop counter and offsets from the RSRC data can be controlled by an attacker via a specially crafted VI file. Th...

7.8CVSS7.8AI score0.02168EPSS
Exploits2References4Affected Software1
CNVD
CNVD
added 2017/09/05 12:0 a.m.5 views

National Instruments LabVIEW Memory Corruption Vulnerability

National Instruments LabVIEW is a set of system design platforms from National Instruments. The platform graphically connects measurement and control hardware, analyzes data, presents results, and distributes the system. A memory corruption vulnerability exists in the National Instruments LabVIEW...

7.8CVSS7.6AI score0.02168EPSS
Exploits2References1
ThreatPost
ThreatPost
added 2017/09/01 10:0 a.m.41 views

No Fix Planned For LabVIEW Bug, Says National Instruments

Automated test equipment and virtual instrumentation software behemoth National Instruments said it will not patch software that security researchers at Cisco Talos said is flawed and could result in code execution by third-party attackers. The affected software is LabVIEW, a leading program...

9.3CVSS2AI score0.30666EPSS
Exploits5References5
Talos Blog
Talos Blog
added 2017/08/29 8:9 a.m.125 views

Vulnerability Spotlight: Code Execution Vulnerability in LabVIEW

Vulnerability discovered by Cory Duplantis of Cisco Talos.Update: 9/1/17 - National Instruments has published the following advisoryOverviewLabVIEW is a system design and development platform released by National Instruments. The software is widely used to create applications for data acquisition...

9.3CVSS8.1AI score0.30666EPSS
Exploits3
The Hacker News
The Hacker News
added 2017/08/29 6:33 a.m.45 views

Using LabVIEW? Unpatched Flaw Allows Hackers to Hijack Your Computer

If you're an engineer and use LabVIEW software to design machines or industrial equipments, you should be very suspicious while opening any VI virtual instrument file. LabVIEW, developed by American company National Instruments, is a visual programming language and powerful system-design tool tha...

6.8CVSS8.1AI score0.02168EPSS
Exploits2
Talos
Talos
added 2017/08/29 12:0 a.m.53 views

National Instruments LabVIEW RSRC Arbitrary Null Write Code Execution Vulnerability

Summary An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW. A specially crafted VI file can cause an attacker controlled looping condition resulting in an arbitrary null write. An attacker controlled VI file can be used to trigger this...

7.8CVSS7.7AI score0.02168EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2017/05/02 12:0 a.m.18 views

National Instruments LabVIEW Installed

Binary data labviewinstalled.nbin...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/05/02 12:0 a.m.121 views

National Instruments LabVIEW 2015 < 2015 SP1 f7 / 2016 < 2016 f2 LvVarientUnflatten VI File Handling Arbitrary Code Execution

The version of National Instruments NI LabVIEW installed on the remote Windows host is version 2015 prior to 2015 SP1 f7 or 2016 prior to 2016 f2. It is, therefore, affected by an arbitrary code execution vulnerability in the LvVarientUnflatten functionality due to improper validation of...

7.8CVSS8.1AI score0.0294EPSS
Exploits2References6
Prion
Prion
added 2017/03/31 6:59 p.m.22 views

Memory corruption

An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap...

6.8CVSS7.9AI score0.0294EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2017/03/31 6:59 p.m.7 views

CVE-2017-2775

An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap...

7.8CVSS6AI score0.0294EPSS
Exploits2References3
NVD
NVD
added 2017/03/31 6:59 p.m.26 views

CVE-2017-2775

An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap...

7.8CVSS7.8AI score0.0294EPSS
Exploits2References3
CVE
CVE
added 2017/03/31 6:0 p.m.70 views

CVE-2017-2775

CVE-2017-2775 is a memory corruption flaw in NI LabVIEW’s LvVariantUnflatten handling affecting 64-bit LabVIEW 2015 before SP1 f7 and 2016 before f2. A specially crafted VI file can drive an attacker-controlled value as a loop terminator, triggering heap corruption via LV’s ReadTD/BinDataReader p...

7.8CVSS7.8AI score0.0294EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2017/03/31 6:0 p.m.29 views

CVE-2017-2775

An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap...

7.5CVSS7.9AI score0.0294EPSS
Exploits2References3
CNVD
CNVD
added 2017/03/27 12:0 a.m.4 views

National Instruments LabVIEW Memory Disclosure Vulnerability

National Instruments LabVIEW is a system design and development platform released by National Instruments. A memory disclosure vulnerability exists in National Instruments LabVIEW. An attacker could exploit this vulnerability by submitting a specially crafted VI file to an affected system to...

7.8CVSS7.6AI score0.0294EPSS
Exploits2References1
Talos
Talos
added 2017/03/22 12:0 a.m.64 views

National Instruments LabVIEW LvVarientUnflatten Code Execution Vulnerability

Summary An exploitable memory corruption vulnerability exists in the LvVarientUnflatten functionality of LabVIEW 2016 version 16.0.0.49152. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled V...

7.8CVSS7.7AI score0.0294EPSS
Exploits2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.49 views

National Instruments LabVIEW 5.1.1/6.0/6.1 HTTP Request Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4577/info A vulnerability has been reported in some versions of National Instruments LabVIEW for Linux and Microsoft Windows. LabVIEW includes an integrated HTTP server. If a malformed HTTP request is received, it is...

7.1AI score
Exploits0
NVD
NVD
added 2013/08/06 8:55 p.m.21 views

CVE-2013-5022

Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to t...

10CVSS7.3AI score0.0257EPSS
Exploits0References3
Prion
Prion
added 2013/08/06 8:55 p.m.14 views

Path traversal

Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to t...

10CVSS7.8AI score0.0257EPSS
Exploits0References3Affected Software4
Rows per page
Query Builder