0-day exploit in an open mailing list

Posted: May 30, 2013 in IT Security News
Secunia accidentally published a 0-day exploit in an open mailing list

The Danish company Secunia, which specializes in gathering information about vulnerabilities in different software products, accidentally sent a message containing the description of a 0-day vulnerability and its exploit to an open mailing list.

Yesterday Secunia officially apologized for the incident and explained that the error was caused by the auto-complete feature of an email program. Chaitanya Sharma, head of the Advisory Team department, meant to send a personal message to the author of the exploit but instead sent it to a public mailing list.

The exploit had reached Secunia through its reward program, the Secunia Vulnerability Coordination Reward Program (SVCRP).

In this case, the bug was found in ERDAS ER Viewer, a free program for viewing graphics. It is a not very well-known program that can open files in JPEG 2000, ECW, UDF, ER Mapper and other exotic graphics formats. The developer is the U.S. company Intergraph, which creates software for the U.S. military and intelligence, as well as for other customers in the public sector.

The exploit involves creating an ERS graphics file that, when opened in ERDAS ER Viewer, causes a buffer overflow in one of the functions of the library ermapper_u.dll.

The developers of ERDAS ER Viewer have been notified about the vulnerability and will release a patch.
