Vulnerability Details : CVE-2013-5447
Public exploit exists!
Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2013-5447
- cpe:2.3:a:ibm:forms_viewer:4.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:forms_viewer:4.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:forms_viewer:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:forms_viewer:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:forms_viewer:8.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-5447
96.86%: Probability of exploitation activity in the next 30 days
~ 100 %: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2013-5447
- IBM Forms Viewer Unicode Buffer Overflow
  Disclosure Date: 2013-12-05
  First seen: 2020-04-26
  exploit/windows/fileformat/ibm_forms_viewer_fontname
  This module exploits a stack-based buffer overflow in IBM Forms Viewer. The vulnerability is due to a dangerous usage of a strcpy-like function, and occurs while parsing malformed XFDL files containing a long fontname value. This module has been tested successfully on IBM
CVSS scores for CVE-2013-5447
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2013-5447
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-5447
- http://packetstormsecurity.com/files/124658
  IBM Forms Viewer Unicode Buffer Overflow ≈ Packet Storm
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87911
  IBM Forms Viewer XFDL buffer overflow CVE-2013-5447 Vulnerability Report
- http://www-01.ibm.com/support/docview.wss?uid=swg21657500
  IBM Security Bulletin: IBM Forms Viewer stack buffer overflow identified (CVE-2013-5447) (Vendor Advisory)
- http://www.exploit-db.com/exploits/30789
  IBM Forms Viewer - Unicode Buffer Overflow (Metasploit) - Windows local Exploit
- http://www-01.ibm.com/support/docview.wss?uid=swg1LO78184
  IBM notice: The page you requested cannot be displayed
- http://www.zerodayinitiative.com/advisories/ZDI-13-274/
  ZDI-13-274 | Zero Day Initiative