Details of VAR-201308-0295

ID

VAR-201308-0295

CVE

CVE-2013-5023

TITLE

National Instruments LabWindows/CVI and LabVIEW Of products such as NI Vulnerability in help links

Trust: 0.8

sources: JVNDB: JVNDB-2013-003661

DESCRIPTION

The ActiveX controls in the HelpAsst component in NI Help Links in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allow remote attackers to cause a denial of service by triggering the display of local .chm files. Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage. The impact of this issue is currently unknown. We will update this BID as more information becomes available. The following products are affected: Diadem 2012 and prior LabVIEW 2012 and prior LabWindows/CVI 2012 and prior Measurement Studio 2013 and prior TestStand 2012 and prior

Trust: 1.89

sources: NVD: CVE-2013-5023 // JVNDB: JVNDB-2013-003661 // BID: 61833

AFFECTED PRODUCTS

vendor:	ni	model:	teststand	scope:	lte	version:	2012	Trust: 1.0
vendor:	ni	model:	labwindows	scope:	lte	version:	2012	Trust: 1.0
vendor:	ni	model:	labview	scope:	lte	version:	2012	Trust: 1.0
vendor:	ni	model:	diadem	scope:	lte	version:	2012	Trust: 1.0
vendor:	ni	model:	measurementstudio	scope:	lte	version:	2013	Trust: 1.0
vendor:	ni	model:	teststand	scope:	eq	version:	2012	Trust: 0.9
vendor:	ni	model:	labview	scope:	eq	version:	2012	Trust: 0.9
vendor:	ni	model:	diadem	scope:	eq	version:	2012	Trust: 0.9
vendor:	national instruments	model:	labview	scope:	-	version:	-	Trust: 0.8
vendor:	national instruments	model:	labwindows/cvi	scope:	-	version:	-	Trust: 0.8
vendor:	ni	model:	measurementstudio	scope:	eq	version:	2013	Trust: 0.6
vendor:	ni	model:	labwindows	scope:	eq	version:	2012	Trust: 0.6
vendor:	ni	model:	measurement studio	scope:	eq	version:	2013	Trust: 0.3
vendor:	ni	model:	labwindows/cvi	scope:	eq	version:	2012	Trust: 0.3

sources: BID: 61833 // JVNDB: JVNDB-2013-003661 // CNNVD: CNNVD-201308-068 // NVD: CVE-2013-5023

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5023
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-5023
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201308-068
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2013-5023
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2013-003661 // CNNVD: CNNVD-201308-068 // NVD: CVE-2013-5023

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-5023

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-068

TYPE

Unknown

Trust: 0.3

sources: BID: 61833

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003661

PATCH

title:	How Does NI Security Update 67L8IQQW for NI Help Links Affect Me?	url:	http://digital.ni.com/public.nsf/websearch/5C87A3AA7300868986257B3600501FE6?OpenDocument	Trust: 0.8
title:	How Do The NI Q2 2013 Security Updates Affect Me?	url:	http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument	Trust: 0.8
title:	NI Q2 2013セキュリティアップデートについて	url:	http://digital.ni.com/public.nsf/websearchj/A13EF8E8AE2CFAA886257B750076EC0B?OpenDocument	Trust: 0.8
title:	NIヘルプリンク用NIセキュリティアップデート67L8IQQWについて	url:	http://digital.ni.com/public.nsf/websearchj/A48F6C57184FF71D86257B5F0069BE56?OpenDocument	Trust: 0.8

sources: JVNDB: JVNDB-2013-003661

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5023	Trust: 2.7
db:	JVNDB	id:	JVNDB-2013-003661	Trust: 0.8
db:	CNNVD	id:	CNNVD-201308-068	Trust: 0.6
db:	BID	id:	61833	Trust: 0.3

sources: BID: 61833 // JVNDB: JVNDB-2013-003661 // CNNVD: CNNVD-201308-068 // NVD: CVE-2013-5023

REFERENCES

url:	http://digital.ni.com/public.nsf/websearch/507dec9da57a708186257b3600512623?opendocument	Trust: 1.9
url:	http://digital.ni.com/public.nsf/websearch/5c87a3aa7300868986257b3600501fe6?opendocument	Trust: 1.9
url:	http://digital.ni.com/public.nsf/allkb/e6bc4f119d49a97a86257bd3004fe019?opendocument	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5023	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5023	Trust: 0.8
url:	http://support.microsoft.com/kb/240797	Trust: 0.3
url:	http://www.ni.com/	Trust: 0.3

sources: BID: 61833 // JVNDB: JVNDB-2013-003661 // CNNVD: CNNVD-201308-068 // NVD: CVE-2013-5023

CREDITS

National Instruments

Trust: 0.3

sources: BID: 61833

SOURCES

db:	BID	id:	61833
db:	JVNDB	id:	JVNDB-2013-003661
db:	CNNVD	id:	CNNVD-201308-068
db:	NVD	id:	CVE-2013-5023

LAST UPDATE DATE

2024-08-14T15:03:40.662000+00:00

SOURCES UPDATE DATE

db:	BID	id:	61833	date:	2015-03-19T08:27:00
db:	JVNDB	id:	JVNDB-2013-003661	date:	2013-10-11T00:00:00
db:	CNNVD	id:	CNNVD-201308-068	date:	2013-08-07T00:00:00
db:	NVD	id:	CVE-2013-5023	date:	2013-09-25T15:06:26.723

SOURCES RELEASE DATE

db:	BID	id:	61833	date:	2013-08-19T00:00:00
db:	JVNDB	id:	JVNDB-2013-003661	date:	2013-08-08T00:00:00
db:	CNNVD	id:	CNNVD-201308-068	date:	2013-08-07T00:00:00
db:	NVD	id:	CVE-2013-5023	date:	2013-08-06T20:55:05.453