Buffer Overflow Vulnerability in SyncBreeze, DiskSorter, DiskBoss, DiskPulse, DiskSavvy, DupScout, and VX Search
CVE-2017-7310

7.8 HIGH

Key Information:

Vendor: Flexense
CVE Published: 29 March 2017

What is CVE-2017-7310?

A buffer overflow vulnerability exists in the Import Command of multiple applications, including SyncBreeze, DiskSorter, DiskBoss, DiskPulse, DiskSavvy, DupScout, and VX Search. Exploitation of this vulnerability allows attackers to execute arbitrary code by sending a specially crafted XML file that contains an excessively long name attribute within a classify element. This may lead to unauthorized access and manipulation of system resources, posing significant risks to users who have not applied the necessary updates.

EPSS Score

86% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
