Posted on Leave a comment


An exploitable memory corruption vulnerability exists in the LvVarientUnflatten functionality of LabVIEW 2016 version A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled VI file can be used to trigger this vulnerability, exploitation could lead to remote code execution.