An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled VI file can be used to trigger this vulnerability, exploitation could lead to remote code execution.
References
Link | Resource |
---|---|
http://www.talosintelligence.com/reports/TALOS-2017-0269/ | Exploit Technical Description Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/97020 | Third Party Advisory VDB Entry |
http://www.ni.com/product-documentation/53778/en/ |
Configurations
Information
Published : 2017-03-31 11:59
Updated : 2022-04-19 12:15
NVD link : CVE-2017-2775
Mitre link : CVE-2017-2775
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
ni
- labview