CVE-2013-5578

StarUML - Buffer Overflow in ToDot Method via Long Argument

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-5578. PoCs published by d3b4g.

AI-analyzed exploit summary: This exploit demonstrates a buffer overflow vulnerability in StarUML's WinGraphviz.dll ActiveX control. The PoC triggers the vulnerability by passing an overly long string to the 'ToDot' method, leading to an access violation and potential remote code execution.

Description

Buffer overflow in the ToDot method in the WINGRAPHVIZLib.NEATO ActiveX control in WinGraphviz.dll in StarUML allows remote attackers to execute arbitrary code via a long argument.

Exploits (1)

exploitdb WORKING POC
by d3b4g · text · dos · windows
https://www.exploit-db.com/exploits/27317

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: StarUML (WinGraphviz.dll ActiveX control)
No auth needed
Prerequisites: Victim must have StarUML installed · Victim must visit a malicious webpage or open a malicious HTML file
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit · exploit · x_refsource_exploit-db
http://www.exploit-db.com/exploits/27317/

Scores

EPSS 0.0510
EPSS Percentile 91.3%

Details

CWE: CWE-119
Status: published
Products (1): staruml/staruml 5.0.2.1570
Published: Aug 25, 2013
Tracked Since: Feb 18, 2026