VIR Vulnerability Intelligence Relay

CVE-2013-5022

critical
Published 2013-08-06 · Modified 2026-04-29
CVSS v3
CVSS v2
10.0
VIR risk
10.0

Description

Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://digital.ni.com/public.nsf/websearch/C4619A438F7E78E486257B360050BD7D?OpenDocument

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument

Application impact
VendorProductVersionsFixed
nilabview{"endIncluding":"2012"}
nilabwindows{"endIncluding":"2012"}
nimeasurementstudio{"endIncluding":"2013"}
niteststand{"endIncluding":"2012"}

References

CWEs

CWE-22

Verify integrity in audit chain (admin only). AS-IS.