CVE-2017-17099

Name of the Vulnerable Software and Affected Versions Flexense SyncBreeze Enterprise version 10.1.16

Description The issue is related to an unauthenticated SEH based Buffer Overflow in the HTTP server. It can be triggered by sending a GET request with an excessive length, allowing a malicious user to overwrite the SEH record and potentially execute a payload under the Windows SYSTEM account.

Recommendations For Flexense SyncBreeze Enterprise version 10.1.16, consider restricting access to the HTTP server until a patch is available. As a temporary workaround, limiting the length of incoming GET requests may help mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.