Computer Associates ERwin Process Modeler MERGEOLF.EXE Buffer Overflow Vulnerability

Computer Associates ERwin Process Modeler MERGEOLF.EXE Buffer Overflow Vulnerability

Computer Associates ERwin Process Modeler is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts likely result in a denial-of-service condition.

This issue affects ERwin Process Modeler 7.1; other versions may also be affected.