Details of VAR-201308-0296

ID

VAR-201308-0296

CVE

CVE-2013-5024

TITLE

National Instruments LabWindows/CVI of NI .NET Vulnerability in class library help

Trust: 0.8

sources: JVNDB: JVNDB-2013-003662

DESCRIPTION

An ActiveX control in NationalInstruments.Help2.dll in National Instruments NI .NET Class Library Help, as used in Measurement Studio 2013 and earlier and other products, allows remote attackers to obtain sensitive information about the existence of registry keys via crafted (1) key-open or (2) key-close method calls. Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage. The impact of this issue is currently unknown. We will update this BID as more information becomes available

Trust: 1.89

sources: NVD: CVE-2013-5024 // JVNDB: JVNDB-2013-003662 // BID: 61835

AFFECTED PRODUCTS

vendor:	ni	model:	measurementstudio	scope:	lte	version:	2013	Trust: 1.0
vendor:	national instruments	model:	labwindows/cvi	scope:	-	version:	-	Trust: 0.8
vendor:	ni	model:	measurementstudio	scope:	eq	version:	2013	Trust: 0.6

sources: JVNDB: JVNDB-2013-003662 // CNNVD: CNNVD-201308-069 // NVD: CVE-2013-5024

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5024
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-5024
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201308-069
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2013-5024
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2013-003662 // CNNVD: CNNVD-201308-069 // NVD: CVE-2013-5024

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-5024

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-069

TYPE

Unknown

Trust: 0.3

sources: BID: 61835

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003662

PATCH

title:	How Does NI Security Update 67L8KSQW for NI .NET Class Library Help Affect Me?	url:	http://digital.ni.com/public.nsf/websearch/D8E97E95D59AC17086257B3600508823?OpenDocument	Trust: 0.8
title:	How Do The NI Q2 2013 Security Updates Affect Me?	url:	http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument	Trust: 0.8
title:	NI Q2 2013セキュリティアップデートについて	url:	http://digital.ni.com/public.nsf/websearchj/A13EF8E8AE2CFAA886257B750076EC0B?OpenDocument	Trust: 0.8
title:	NI .NETクラスライブラリヘルプ用NIセキュリティアップデート67L8KSQWについて	url:	http://digital.ni.com/public.nsf/websearchj/618B869C0B5DE8B586257B6C0070DA3F?OpenDocument	Trust: 0.8

sources: JVNDB: JVNDB-2013-003662

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5024	Trust: 2.7
db:	JVNDB	id:	JVNDB-2013-003662	Trust: 0.8
db:	CNNVD	id:	CNNVD-201308-069	Trust: 0.6
db:	BID	id:	61835	Trust: 0.3

sources: BID: 61835 // JVNDB: JVNDB-2013-003662 // CNNVD: CNNVD-201308-069 // NVD: CVE-2013-5024

REFERENCES

url:	http://digital.ni.com/public.nsf/websearch/507dec9da57a708186257b3600512623?opendocument	Trust: 1.9
url:	http://digital.ni.com/public.nsf/websearch/d8e97e95d59ac17086257b3600508823?opendocument	Trust: 1.9
url:	http://digital.ni.com/public.nsf/allkb/548965c170d6aa2586257bd3004b146b?opendocument	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5024	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5024	Trust: 0.8
url:	http://support.microsoft.com/kb/240797	Trust: 0.3
url:	http://www.ni.com/	Trust: 0.3

sources: BID: 61835 // JVNDB: JVNDB-2013-003662 // CNNVD: CNNVD-201308-069 // NVD: CVE-2013-5024

CREDITS

National Instruments

Trust: 0.3

sources: BID: 61835

SOURCES

db:	BID	id:	61835
db:	JVNDB	id:	JVNDB-2013-003662
db:	CNNVD	id:	CNNVD-201308-069
db:	NVD	id:	CVE-2013-5024

LAST UPDATE DATE

2025-04-11T23:02:56.960000+00:00

SOURCES UPDATE DATE

db:	BID	id:	61835	date:	2015-03-19T08:31:00
db:	JVNDB	id:	JVNDB-2013-003662	date:	2013-10-11T00:00:00
db:	CNNVD	id:	CNNVD-201308-069	date:	2013-09-16T00:00:00
db:	NVD	id:	CVE-2013-5024	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	BID	id:	61835	date:	2013-08-19T00:00:00
db:	JVNDB	id:	JVNDB-2013-003662	date:	2013-08-08T00:00:00
db:	CNNVD	id:	CNNVD-201308-069	date:	2013-08-23T00:00:00
db:	NVD	id:	CVE-2013-5024	date:	2013-08-06T20:55:05.477