Heap-Based Buffer Overflow Vulnerability in Rapid7 AppSpider Pro
CVE-2017-5240

7.5 HIGH

Key Information:

Vendor: Rapid7
CVE Published: 3 May 2017

What is CVE-2017-5240?

A heap-based buffer overflow in the FLAnalyzer.exe component of Rapid7 AppSpider Pro prior to version 6.14.060 can be triggered by a malicious or malformed Flash source file. Handling such a file may crash the application, resulting in a denial of service. Affected installations should be updated to version 6.14.060 or later.

Affected Version(s)

AppSpider Pro: all versions prior to 6.14.060

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
