ID

VAR-201308-0295


CVE

CVE-2013-5023


TITLE

National Instruments LabWindows/CVI and LabVIEW Of products such as NI Vulnerability in help links

Trust: 0.8

sources: JVNDB: JVNDB-2013-003661

DESCRIPTION

The ActiveX controls in the HelpAsst component in NI Help Links in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allow remote attackers to cause a denial of service by triggering the display of local .chm files. Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage. The impact of this issue is currently unknown. We will update this BID as more information becomes available. The following products are affected: Diadem 2012 and prior LabVIEW 2012 and prior LabWindows/CVI 2012 and prior Measurement Studio 2013 and prior TestStand 2012 and prior

Trust: 1.89

sources: NVD: CVE-2013-5023 // JVNDB: JVNDB-2013-003661 // BID: 61833

AFFECTED PRODUCTS

vendor:nimodel:teststandscope:lteversion:2012

Trust: 1.0

vendor:nimodel:labwindowsscope:lteversion:2012

Trust: 1.0

vendor:nimodel:labviewscope:lteversion:2012

Trust: 1.0

vendor:nimodel:diademscope:lteversion:2012

Trust: 1.0

vendor:nimodel:measurementstudioscope:lteversion:2013

Trust: 1.0

vendor:nimodel:teststandscope:eqversion:2012

Trust: 0.9

vendor:nimodel:labviewscope:eqversion:2012

Trust: 0.9

vendor:nimodel:diademscope:eqversion:2012

Trust: 0.9

vendor:national instrumentsmodel:labviewscope: - version: -

Trust: 0.8

vendor:national instrumentsmodel:labwindows/cviscope: - version: -

Trust: 0.8

vendor:nimodel:measurementstudioscope:eqversion:2013

Trust: 0.6

vendor:nimodel:labwindowsscope:eqversion:2012

Trust: 0.6

vendor:nimodel:measurement studioscope:eqversion:2013

Trust: 0.3

vendor:nimodel:labwindows/cviscope:eqversion:2012

Trust: 0.3

sources: BID: 61833 // JVNDB: JVNDB-2013-003661 // CNNVD: CNNVD-201308-068 // NVD: CVE-2013-5023

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5023
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5023
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201308-068
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2013-5023
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2013-003661 // CNNVD: CNNVD-201308-068 // NVD: CVE-2013-5023

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-5023

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-068

TYPE

Unknown

Trust: 0.3

sources: BID: 61833

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003661

PATCH

title:How Does NI Security Update 67L8IQQW for NI Help Links Affect Me?url:http://digital.ni.com/public.nsf/websearch/5C87A3AA7300868986257B3600501FE6?OpenDocument

Trust: 0.8

title:How Do The NI Q2 2013 Security Updates Affect Me?url:http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument

Trust: 0.8

title:NI Q2 2013セキュリティアップデートについてurl:http://digital.ni.com/public.nsf/websearchj/A13EF8E8AE2CFAA886257B750076EC0B?OpenDocument

Trust: 0.8

title:NIヘルプリンク用NIセキュリティアップデート67L8IQQWについてurl:http://digital.ni.com/public.nsf/websearchj/A48F6C57184FF71D86257B5F0069BE56?OpenDocument

Trust: 0.8

sources: JVNDB: JVNDB-2013-003661

EXTERNAL IDS

db:NVDid:CVE-2013-5023

Trust: 2.7

db:JVNDBid:JVNDB-2013-003661

Trust: 0.8

db:CNNVDid:CNNVD-201308-068

Trust: 0.6

db:BIDid:61833

Trust: 0.3

sources: BID: 61833 // JVNDB: JVNDB-2013-003661 // CNNVD: CNNVD-201308-068 // NVD: CVE-2013-5023

REFERENCES

url:http://digital.ni.com/public.nsf/websearch/507dec9da57a708186257b3600512623?opendocument

Trust: 1.9

url:http://digital.ni.com/public.nsf/websearch/5c87a3aa7300868986257b3600501fe6?opendocument

Trust: 1.9

url:http://digital.ni.com/public.nsf/allkb/e6bc4f119d49a97a86257bd3004fe019?opendocument

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5023

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5023

Trust: 0.8

url:http://support.microsoft.com/kb/240797

Trust: 0.3

url:http://www.ni.com/

Trust: 0.3

sources: BID: 61833 // JVNDB: JVNDB-2013-003661 // CNNVD: CNNVD-201308-068 // NVD: CVE-2013-5023

CREDITS

National Instruments

Trust: 0.3

sources: BID: 61833

SOURCES

db:BIDid:61833
db:JVNDBid:JVNDB-2013-003661
db:CNNVDid:CNNVD-201308-068
db:NVDid:CVE-2013-5023

LAST UPDATE DATE

2024-08-14T15:03:40.662000+00:00


SOURCES UPDATE DATE

db:BIDid:61833date:2015-03-19T08:27:00
db:JVNDBid:JVNDB-2013-003661date:2013-10-11T00:00:00
db:CNNVDid:CNNVD-201308-068date:2013-08-07T00:00:00
db:NVDid:CVE-2013-5023date:2013-09-25T15:06:26.723

SOURCES RELEASE DATE

db:BIDid:61833date:2013-08-19T00:00:00
db:JVNDBid:JVNDB-2013-003661date:2013-08-08T00:00:00
db:CNNVDid:CNNVD-201308-068date:2013-08-07T00:00:00
db:NVDid:CVE-2013-5023date:2013-08-06T20:55:05.453