CVE-2024-12741

Deserialization Of Untrusted Data Vulnerability In NI DAQExpress Project File

CVSS 8.4 HIGH · EPSS 4.2% · CWE-502

In short

NI DAQExpress has a flaw that allows attackers to run malicious code on your computer if you open a specially crafted project file. This happens because the software doesn't properly check data before processing it.

Technical detail

A deserialization vulnerability (CWE-502) in NI DAQExpress versions 5.1 and prior allows remote code execution when a user opens a malicious project file. The attack vector is local file interaction; no authentication is required, but user interaction is necessary to open the crafted file. The impact is arbitrary code execution with the privileges of the application user.

Summary generated and translated by AI from the official description.
A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects DAQExpress 5.1 and prior versions. Please note that DAQExpress is an EOL product and will not receive any updates.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
NI · DAQExpress
