BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

ERDAS ER Viewer Insecure Library Loading

Disclosed November 21, 2013    Zeroday : 243 days

Vulnerability Description:

ERDAS ER viewerd contains a DLL hijacking vulnerability caused by loading dwmapi.dll and irml.dll in an insecure fashion. A remote attacker may exploit this vulnerability by convincing a target to open an .alg, .doq, .ecw, .ers, .hdr, .j2c, .j2k, .jp2, .jpc, .jpf, .jpx, .ntf, or .otdf file on a remote share (WebDAV, SMB). If successful, a remote attacker may arbitrarily execute code within the context of the currently logged on user.

Vendors:

Intergraph Corporation

Vulnerable Software/Devices:

ERDAS ER Viewer 13.x and possibly other versions

Vulnerability Severity:

High

Exploit Availability:

Publicly Available

Exploit Impact:

Remote Code Execution
An attacker could convince a target user to open a specific filetype located on a remote share, which is in the same folder as a maliciously crafted DLL. This DLL would then be loaded, granting a remote attacker arbitrary code execution within the context of the currently logged on user.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.

  • 31591 - ERDAS ER Viewer Insecure Library Loading (20131121) (Zero-Day)

Mitigation:

Disable WebDAV.

CVE(s):