Vulnerability Details : CVE-2013-0726
Public exploit exists!
Stack-based buffer overflow in the ERM_convert_to_correct_webpath function in ermapper_u.dll in ERDAS ER Viewer before 13.00.0001 allows remote attackers to execute arbitrary code via a crafted pathname in an ERS file.
Vulnerability category: OverflowExecute code
Products affected by CVE-2013-0726
- cpe:2.3:a:hexagon:erdas_er_viewer:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-0726
66.50%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2013-0726
-
ERS Viewer 2011 ERS File Handling Buffer Overflow
Disclosure Date: 2013-04-23First seen: 2020-04-26exploit/windows/fileformat/erdas_er_viewer_bofThis module exploits a buffer overflow vulnerability found in ERS Viewer 2011 (version 11.04). The vulnerability exists in the module ermapper_u.dll where the function ERM_convert_to_correct_webpath handles user provided data in an insecure way. It results in arbit
CVSS scores for CVE-2013-0726
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2013-0726
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-0726
-
http://secunia.com/advisories/51725
Sign inVendor Advisory
Jump to