ERDAS ER viewerd contains a DLL hijacking vulnerability caused by loading dwmapi.dll and irml.dll in an insecure fashion. A remote attacker may exploit this vulnerability by convincing a target to open an .alg, .doq, .ecw, .ers, .hdr, .j2c, .j2k, .jp2, .jpc, .jpf, .jpx, .ntf, or .otdf file on a remote share (WebDAV, SMB). If successful, a remote attacker may arbitrarily execute code within the context of the currently logged on user.
ERDAS ER Viewer 13.x and possibly other versions
Remote Code Execution
An attacker could convince a target user to open a specific filetype located on a remote share, which is in the same folder as a maliciously crafted DLL. This DLL would then be loaded, granting a remote attacker arbitrary code execution within the context of the currently logged on user.
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
- 31591 - ERDAS ER Viewer Insecure Library Loading (20131121) (Zero-Day)