Vportal

**Name of the Vulnerable Software and Affected Versions** DiskBoss Enterprise versions 7.4.28 DiskBoss Enterprise versions 7.5.12 DiskBoss Enterprise versions 8.2.14 **Description** A stack-based buffer overflow exists in the built-in web interface. The issue stems from improper bounds checking on the path component of HTTP GET requests. A remote, unauthenticated attacker can trigger a buffer overflow by sending a specially crafted long URI, potentially leading to arbitrary code execution with SYSTEM privileges on vulnerable Windows hosts. **Recommendations** DiskBoss Enterprise version 7.4.28: At the moment, there is no information about a newer version that contains a fix for this vulnerability. DiskBoss Enterprise version 7.5.12: At the moment, there is no information about a newer version that contains a fix for this vulnerability. DiskBoss Enterprise version 8.2.14: At the moment, there is no information about a newer version that contains a fix for this vulnerability.