Vulnerability CVE-2017-2779


Published: 2017-09-05   Modified: 2017-09-06

Description:
An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (VI) file can cause an attacker-controlled looping condition resulting in an arbitrary null write. An attacker-controlled VI file can be used to trigger this vulnerability and can potentially result in code execution.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software: NI -> LabVIEW

References:
http://www.ni.com/product-documentation/54099/en/
http://www.securityfocus.com/bid/100519
https://0patch.blogspot.com/2017/09/0patching-rsrc-arbitrary-null-write.html
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0273

Copyright 2024, cxsecurity.com
