Researchers from Cisco Talos discovered a vulnerability (CVE-2017-2779) in the platform for developing LabVIEW 2016 systems. 16. 0, developed by National Instruments. Vulnerability can cause memory corruption and execute arbitrary code on the system. To do this, the victim must open a specially generated file with the extension. VI.

According to the report of Cisco Talos, the vulnerability exists because of the error checking the boundaries of data.

The flaw allows an attacker to overwrite arbitrary memory locations on the system and execute arbitrary code with the privileges of the user launching the vulnerable application. Vulnerability is quite dangerous, since its successful exploitation can allow an attacker to compromise a vulnerable system.

However, National Instruments refused to release the patch, because it does not consider this problem in its product as a vulnerability.

The program LabVIEW is designed for building data acquisition systems, instrument management and industrial automation in various operating systems: Windows, MacOS, Linux and Unix.