Vulnerability Details : CVE-2017-7310
Public exploit exists!
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.
Vulnerability category: OverflowExecute code
Products affected by CVE-2017-7310
- cpe:2.3:a:flexense:syncbreeze:9.5.16:*:*:*:enterprise:*:*:*
- cpe:2.3:a:flexense:disksorter:9.5.12:*:*:*:enterprise:*:*:*
- cpe:2.3:a:flexense:diskboss:7.8.16:*:*:*:enterprise:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-7310
86.56%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2017-7310
-
Dup Scout Enterprise v10.4.16 - Import Command Buffer Overflow
Disclosure Date: 2017-03-29First seen: 2020-04-26exploit/windows/fileformat/dupscout_xmlThis module exploits a buffer overflow in Dup Scout Enterprise v10.4.16 by using the import command option to import a specially crafted xml file. Authors: - Daniel Teixeira -
Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow
Disclosure Date: 2017-03-29First seen: 2020-04-26exploit/windows/fileformat/syncbreeze_xmlThis module exploits a buffer overflow in Sync Breeze Enterprise 9.5.16 by using the import command option to import a specially crafted xml file. Authors: - Daniel Teixeira
CVSS scores for CVE-2017-7310
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
|
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2017-7310
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-7310
-
http://www.diskpulse.com/news.html
DiskPulse - Disk Change Monitor - News
-
http://www.securityfocus.com/bid/97237
Multiple Flexense Products CVE-2017-7310 Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/41772/
DiskBoss Enterprise 7.8.16 - 'Import Command' Local Buffer OverflowExploit;Third Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/44157/
Disk Pulse Enterprise 10.4.18 - 'Import Command' Buffer Overflow (SEH)
-
http://www.syncbreeze.com/news.html
SyncBreeze - File Synchronization - News
-
https://www.exploit-db.com/exploits/41773/
Sync Breeze Enterprise 9.5.16 - 'Import Command' Local Buffer OverflowExploit;Third Party Advisory;VDB Entry
-
http://www.diskboss.com/news.html
DiskBoss - Data Management Solution - News
-
https://www.exploit-db.com/exploits/43875/
Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow (Metasploit)
-
http://www.disksavvy.com/news.html
DiskSavvy - Disk Space Analyzer - News
-
http://www.disksorter.com/news.html
DiskSorter - File Classification - News
-
https://www.exploit-db.com/exploits/41771/
Disk Sorter Enterprise 9.5.12 - 'Import Command' Local Buffer OverflowExploit;Third Party Advisory;VDB Entry
-
http://www.dupscout.com/news.html
DupScout - Duplicate Files Finder - News
-
http://www.vxsearch.com/news.html
VX Search - File Search - News
Jump to