PT-2017-17655 · Flexense · Syncbreeze+6

Daniel Teixeira

·

Published

2017-03-29

·

Updated

2018-03-08

·

CVE-2017-7310

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions SyncBreeze versions prior to 10.6 DiskSorter versions prior to 10.6 DiskBoss versions prior to 8.9 DiskPulse versions prior to 10.6 DiskSavvy versions prior to 10.6 DupScout versions prior to 10.6 VX Search versions prior to 10.6
Description A buffer overflow issue in the Import Command allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.
Recommendations For SyncBreeze versions prior to 10.6, update to version 10.6 or later. For DiskSorter versions prior to 10.6, update to version 10.6 or later. For DiskBoss versions prior to 8.9, update to version 8.9 or later. For DiskPulse versions prior to 10.6, update to version 10.6 or later. For DiskSavvy versions prior to 10.6, update to version 10.6 or later. For DupScout versions prior to 10.6, update to version 10.6 or later. For VX Search versions prior to 10.6, update to version 10.6 or later.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2017-7310

Affected Products

Diskboss
Diskpulse
Disksavvy
Disksorter
Dupscout
Syncbreeze
Vx Search