Academic Company Events Community Support Solutions Products & Services Contact NI MyNI
7 ratings:
 4.57 out of 5     Rate this Document

How Does NI Security Update 67L8L0QW for cw3dgrph.ocx Affect Me?



Primary Software: Measurement Studio>>Enterprise Edition (Full Development System)
Primary Software Version: 2013
Primary Software Fixed Version: N/A
Secondary Software: N/A

Problem:
My system requires NI Security Update 67L8L0QW. What actions should I take to eliminate the security vulnerability?

This KnowledgeBase is also available in English, Spanish, French, German, Korean, Japanese, or Chinese.



Solution:
NI has created NI Security Update 67L8L0QW to install a patch that eliminates the vulnerability.

Updating Your System and Deployed Systems

NI Security Update 67L8L0QW is bundled in the NI General Security Patch Q2 2013 along with updates for other common NI ActiveX components. Refer to How Does NI Security Update 67L8K7QW (NI General Security Patch Q2 2013) Affect Me? for more information.

The patch also includes a replacement for the NI component cw3dgrph.ocx, which contains the 3D Graph ActiveX control.

Note: Several NI products install cw3dgrph.ocx. NI Security Update 67L8L0QW is bundled in the NI Security Update 67L8K7QW (NI General Security Patch Q2 2013) along with updates for other common NI ActiveX components.

The replacement component is not vulnerable to the security issue and is not affected by the kill bits, but installing it might require special action on your part to restore functionality in some applications, web pages, or documents.

Applications, Web Pages, or Documents that Use the ExportStyle Method

NI has changed the ExportStyle method to export files only into directories you specify explicitly. If your application uses the ExportStyle method, you might see the following error after installing NI Security Update 67L8LIQW:

Access denied. Visit ni.com/info and enter info code SecurityUpdateActiveXUIMay13_en for more information.

If you see this error as the result of your application calling the ExportStyle method of a cw3dgrph.ocx control, complete the steps below to re-enable the functionality. If you see this error as a result of calling another member of cw3dgrph.ocx, the error is unrelated to the security patch. In this case, contact National Instruments support.

How to Re-enable the ExportStyle Method

Caution: This procedure requires that you modify the Windows registry. Serious problems might occur if you modify the registry incorrectly. NI recommends that you back up the registry before you modify it. For more information about how to back up and restore the registry, refer to Microsoft KnowledgeBase 322756: How to back up and restore the registry in Windows.
  1. Use the Windows Registry Editor to locate the following registry key:
    On 64-bit Windows operating systems:
    HKLM\SOFTWARE\Wow6432Node\National Instruments\ComponentWorks\CW3DGRPH\UnlockSettings\ExportStyle
    On 32-bit Windows operating systems:
    HKLM\SOFTWARE\National Instruments\ComponentWorks\CW3DGRPH\UnlockSettings\ExportStyle
  2. Create an AllowedFolders value of type REG_SZ.
  3. Set the value of AllowedFolders to a semicolon-separated list of directories in which you want to allow the ExportStyle method to write files. Each directory must be specified as an absolute path. Caution: Applications that host the 3D Graph ActiveX control will be able to write files to these directories. NI recommends that you specify only directories that you dedicate for use by ExportStyle.
  4. If you want to allow the use of ExportStyle in web pages or documents that Microsoft Internet Explorer or Microsoft Office loads from the Internet Security Zone, refer to the Web Pages or Documents that Use Disabled API Members section below.

Web Pages or Documents that Use Disabled API Members

NI has disabled certain functionality of the 3D Graph ActiveX control when used in web pages and documents that Microsoft Internet Explorer or Microsoft Office loads from the Internet Security Zone. After installing NI Security Update 67L8LIQW, web pages or documents that use the 3D Graph ActiveX control might display the following error:

Access denied. Visit ni.com/info and enter info code SecurityUpdateActiveXUIMay13_en for more information.

If you see any of these behaviors, National Instruments recommends that you take one of the following actions:

  • Modify your web pages or documents so that they do not use the disabled API members.
  • Establish practices that use standard security features offered in Microsoft Windows, Microsoft Internet Explorer, and/or Microsoft Office to limit cw3dgrph.ocx usage to your authorized web pages and documents. For further information, or, if you do not find either of these two approaches acceptable, contact NI support at ni.com/contact and refer to this KnowledgeBase article.

Background

A security vulnerability exists in several NI ActiveX components installed with National Instruments software products on Microsoft Windows operating systems. These components are vulnerable to attacks through Microsoft Internet Explorer and Microsoft Office. Refer to Software Vulnerability NI-64BG6SWQ-2 for cw3dgrph.ocx for more information.

For Windows 2000 users

NI has released a separate security update for Windows 2000 users. Refer to How Do Microsoft “Kill Bits” Affect NI ActiveX Components? to obtain the update. The update closes the security vulnerability but does not include a replacement for cw3dgrph.ocx. If you are using the ActiveX 3D Graph control in web pages or documents loaded in Microsoft Internet Explorer or Microsoft Office from the Internet Security Zone and need the replacement component, contact National Instruments support.

Related Links:
KnowledgeBase 67L8N7QW: How Do the NI Q2 2013 Security Updates Affect Me?
KnowledgeBase 67L8K7QW: How Does NI Security Update 67L8K7QW (NI General Security Patch Q2 2013) Affect Me?
KnowledgeBase 67L8LCQW: How Do Microsoft “Kill Bits” Affect NI ActiveX Components?
KnowledgeBase 67L8OHQW: How Do I Apply NI Q2 2013 Security Updates On System Without NI Update Service Installed?
KnowledgeBase 68OCH2QW: How Do I Update Deployed Systems And My Distribution Installers With The NI Q2 2013 Security Updates?
KnowledgeBase 68OCIGQW: How Do I Re-Enable NI ActiveX Components in Microsoft Internet Explorer or Microsoft Office That Were Disabled By the NI Kill Bit Patch Q2 2013?
KnowledgeBase 67L8IQQW: How Does NI Security Update 67L8LIQW for cwui.ocx Affect Me?
KnowledgeBase 68OCGOQW: Why Have My ActiveX User Interface Controls Stopped Working?
Knowledgebase 6CP7P755: What Is the Nature of Software Vulnerability NI-64BG6SWQ-2?

Attachments:





Report Date: 03/22/2013
Last Updated: 08/26/2013
Document ID: 67L8L0QW

Your Feedback! poor Poor  |  Excellent excellent   Yes No
 Document Quality? 
 Answered Your Question? 
  1 2 3 4 5
Please Contact NI for all product and support inquiries.submit