CVE-2013-5026

An ActiveX control in lookout650.ocx, lookout660.ocx, and lookout670.ocx in National Instruments Lookout 6.5 through 6.7 allows remote attackers to execute arbitrary code by triggering the download of, and calls to, an arbitrary DLL file.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://digital.ni.com/public.nsf/allkb/544407ECC5FEE44086257BCF00735D1F?OpenDocument
http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument	Patch
http://digital.ni.com/public.nsf/websearch/A792DE0703C8108786257B3600506077?OpenDocument	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ni:lookout:6.5:::::::*
	cpe:2.3:a:ni:lookout:6.6:::::::*
	cpe:2.3:a:ni:lookout:6.7:::::::*

History

No history.

Information

Published : 2013-08-06 20:55

Updated : 2013-09-18 03:30

NVD link : CVE-2013-5026

Mitre link : CVE-2013-5026

CVE.ORG link : CVE-2013-5026

JSON object : View

Products Affected

ni

lookout

CWE

NVD-CWE-noinfo

{"id": "CVE-2013-5026", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-08-06T20:55:05.530", "references": [{"url": "http://digital.ni.com/public.nsf/allkb/544407ECC5FEE44086257BCF00735D1F?OpenDocument", "source": "cve@mitre.org"}, {"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://digital.ni.com/public.nsf/websearch/A792DE0703C8108786257B3600506077?OpenDocument", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An ActiveX control in lookout650.ocx, lookout660.ocx, and lookout670.ocx in National Instruments Lookout 6.5 through 6.7 allows remote attackers to execute arbitrary code by triggering the download of, and calls to, an arbitrary DLL file."}, {"lang": "es", "value": "Un control ActiveX en los archivos lookout650.ocx, lookout660.ocx y lookout670.ocx en Lookout de National Instruments versiones 6.5 hasta 6.7, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario activando la descarga de las llamadas hacia un archivo DLL arbitrario."}], "lastModified": "2013-09-18T03:30:09.393", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ni:lookout:6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3633BF4C-623F-48E4-A89B-118A3ACB9D2E"}, {"criteria": "cpe:2.3:a:ni:lookout:6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86CD3849-E24D-4115-BB44-93BAB95EA70D"}, {"criteria": "cpe:2.3:a:ni:lookout:6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE1B3D04-F37B-493D-B9C3-3739777EB4FD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}