CVE-2013-3482

Hexagon Erdas ER Viewer < 13.0.1.1298 - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in the rf_report_error function in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in an ERS file.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/26708

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by James Fitts, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/erdas_er_viewer_rf_report_error.rb

View Code ZIP pw:eip

References (5)

[Exploit] http://www.exploit-db.com/exploits/26708

[Vendor Advisory] http://secunia.com/advisories/53620

[Third Party Advisory, VDB Entry] http://osvdb.org/show/osvdb/93650

[Various Sources] http://attrition.org/pipermail/vim/2013-May/002682.html

[Vendor Advisory] http://www.secunia.com/blog/366

Scores

EPSS 0.6674

EPSS Percentile 98.6%

Details

CWE

CWE-119

Status published

Products (3)

hexagon/erdas_er_viewer 11.04

hexagon/erdas_er_viewer 13.00.0001

hexagon/erdas_er_viewer < 13.0.1.1298

Published Jan 19, 2014

Tracked Since Feb 18, 2026