module
ERS Viewer 2011 ERS File Handling Buffer Overflow
Disclosed | Created |
---|---|
2013-04-23 | 2018-05-30 |
Disclosed
2013-04-23
Created
2018-05-30
Description
This module exploits a buffer overflow vulnerability found in ERS Viewer 2011
(version 11.04). The vulnerability exists in the module ermapper_u.dll where the
function ERM_convert_to_correct_webpath handles user provided data in an insecure
way. It results in arbitrary code execution under the context of the user viewing
a specially crafted .ers file. This module has been tested successfully with ERS
Viewer 2011 (version 11.04) on Windows XP SP3 and Windows 7 SP1.
(version 11.04). The vulnerability exists in the module ermapper_u.dll where the
function ERM_convert_to_correct_webpath handles user provided data in an insecure
way. It results in arbitrary code execution under the context of the user viewing
a specially crafted .ers file. This module has been tested successfully with ERS
Viewer 2011 (version 11.04) on Windows XP SP3 and Windows 7 SP1.
Authors
Parvez Anwar
juan vazquez juan.vazquez@metasploit.com
juan vazquez juan.vazquez@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.