CVE-2013-0726

ERDAS ER Viewer <13.00.0001 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-0726. PoCs published by Metasploit, Parvez Anwar, juan vazquez, including Metasploit module exploits/windows/fileformat/erdas_er_viewer_bof.

AI-analyzed exploit summary This Metasploit module exploits a buffer overflow in ERS Viewer 2011 (v11.04) via a maliciously crafted .ers file, leading to arbitrary code execution. The exploit leverages a vulnerable function in ermapper_u.dll and includes a custom NOP sled to maintain ESP integrity.

Description

Stack-based buffer overflow in the ERM_convert_to_correct_webpath function in ermapper_u.dll in ERDAS ER Viewer before 13.00.0001 allows remote attackers to execute arbitrary code via a crafted pathname in an ERS file.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/25448

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow in ERS Viewer 2011 (v11.04) via a maliciously crafted .ers file, leading to arbitrary code execution. The exploit leverages a vulnerable function in ermapper_u.dll and includes a custom NOP sled to maintain ESP integrity.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ERS Viewer 2011 (v11.04)

No auth needed

Prerequisites: Victim must open a maliciously crafted .ers file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Parvez Anwar, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/erdas_er_viewer_bof.rb

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow vulnerability in ERS Viewer 2011 (v11.04) by crafting a malicious .ers file that triggers arbitrary code execution when opened. The exploit leverages a stack-based overflow in the `ERM_convert_to_correct_webpath` function within `ermapper_u.dll`.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ERS Viewer 2011 (v11.04)

No auth needed

Prerequisites: Victim must open a malicious .ers file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/51725

Scores

EPSS 0.2797

EPSS Percentile 97.9%

Details

CWE

CWE-119

Status published

Products (1)

hexagon/erdas_er_viewer < 11.04

Published May 05, 2013

Tracked Since Feb 18, 2026