module
ERS Viewer 2013 ERS File Handling Buffer Overflow
| Disclosed | Created |
|---|---|
| 2013-05-23 | 2018-05-30 |
Disclosed
2013-05-23
Created
2018-05-30
Description
This module exploits a buffer overflow vulnerability found in ERS Viewer 2013.
The vulnerability exists in the module ermapper_u.dll, where the function
rf_report_error handles user provided data in an insecure way. It results in
arbitrary code execution under the context of the user viewing a specially crafted
.ers file. This module has been tested successfully with ERS Viewer 2013 (versions
13.0.0.1151) on Windows XP SP3 and Windows 7 SP1.
The vulnerability exists in the module ermapper_u.dll, where the function
rf_report_error handles user provided data in an insecure way. It results in
arbitrary code execution under the context of the user viewing a specially crafted
.ers file. This module has been tested successfully with ERS Viewer 2013 (versions
13.0.0.1151) on Windows XP SP3 and Windows 7 SP1.
Authors
James Fitts
juan vazquez juan.vazquez@metasploit.com
juan vazquez juan.vazquez@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.