Stack-based Buffer Overflow Vulnerability in NI I/O Trace Tool

A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file. The NI I/O Trace tool is installed as part of the NI System Configuration utilities included with many NI software products.  Refer to the NI Security Advisory for identifying the version of NI IO Trace.exe installed. The NI I/O Trace tool was also previously released as NI Spy.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

栈缓冲区溢出

NI I/O Trace Tool 安全漏洞

NI I/O Trace Tool（National Instruments I/O Trace Tool）是美国国家仪器（NI）公司的一个实用程序。可以用来查看正在进行的 VISA 驱动程序调用情况，传递给 VISA 驱动程序调用的参数以及结果。 NI I/O Trace Tool 24.3及之前版本存在安全漏洞，该漏洞源于缺少边界检查，导致基于堆栈的缓冲区溢出漏洞，攻击者利用该漏洞可能导致任意代码执行。

N/A

N/A