CVE-2017-7310

Sažetak

A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.

Reference

http://www.diskboss.com/news.html
http://www.diskpulse.com/news.html
http://www.disksavvy.com/news.html
http://www.disksorter.com/news.html
http://www.dupscout.com/news.html
http://www.securityfocus.com/bid/97237
http://www.syncbreeze.com/news.html
http://www.vxsearch.com/news.html
https://www.exploit-db.com/exploits/41771/
https://www.exploit-db.com/exploits/41772/
https://www.exploit-db.com/exploits/41773/
https://www.exploit-db.com/exploits/43875/
https://www.exploit-db.com/exploits/44157/

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

08-03-2018 - 02:29

Objavljeno

29-03-2017 - 21:59