Vulnerability Details : CVE-2017-7310
Public exploit exists!
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2017-7310
Probability of exploitation activity in the next 30 days: 93.38%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2017-7310
-
Dup Scout Enterprise v10.4.16 - Import Command Buffer Overflow
Disclosure Date: 2017-03-29First seen: 2020-04-26exploit/windows/fileformat/dupscout_xmlThis module exploits a buffer overflow in Dup Scout Enterprise v10.4.16 by using the import command option to import a specially crafted xml file. Authors: - Daniel Teixeira -
Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow
Disclosure Date: 2017-03-29First seen: 2020-04-26exploit/windows/fileformat/syncbreeze_xmlThis module exploits a buffer overflow in Sync Breeze Enterprise 9.5.16 by using the import command option to import a specially crafted xml file. Authors: - Daniel Teixeira
CVSS scores for CVE-2017-7310
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2017-7310
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-7310
-
http://www.diskpulse.com/news.html
DiskPulse - Disk Change Monitor - News
-
http://www.securityfocus.com/bid/97237
Multiple Flexense Products CVE-2017-7310 Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/41772/
DiskBoss Enterprise 7.8.16 - 'Import Command' Local Buffer OverflowExploit;Third Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/44157/
Disk Pulse Enterprise 10.4.18 - 'Import Command' Buffer Overflow (SEH)
-
http://www.syncbreeze.com/news.html
SyncBreeze - File Synchronization - News
-
https://www.exploit-db.com/exploits/41773/
Sync Breeze Enterprise 9.5.16 - 'Import Command' Local Buffer OverflowExploit;Third Party Advisory;VDB Entry
-
http://www.diskboss.com/news.html
DiskBoss - Data Management Solution - News
-
https://www.exploit-db.com/exploits/43875/
Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow (Metasploit)
-
http://www.disksavvy.com/news.html
DiskSavvy - Disk Space Analyzer - News
-
http://www.disksorter.com/news.html
DiskSorter - File Classification - News
-
https://www.exploit-db.com/exploits/41771/
Disk Sorter Enterprise 9.5.12 - 'Import Command' Local Buffer OverflowExploit;Third Party Advisory;VDB Entry
-
http://www.dupscout.com/news.html
DupScout - Duplicate Files Finder - News
-
http://www.vxsearch.com/news.html
VX Search - File Search - News
Products affected by CVE-2017-7310
- cpe:2.3:a:flexense:syncbreeze:9.5.16:*:*:*:enterprise:*:*:*
- cpe:2.3:a:flexense:disksorter:9.5.12:*:*:*:enterprise:*:*:*
- cpe:2.3:a:flexense:diskboss:7.8.16:*:*:*:enterprise:*:*:*