CVE-2017-7310

high-risk
Published 2017-03-29

A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.

Do I need to act?

!
86.6% chance of exploitation in next 30 days
EPSS score — higher than 13% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
3 public exploits available
43875, 41773, 44157
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (3)

Affected Vendors

Flexense

References (26)

http://www.diskboss.com/news.html
http://www.diskpulse.com/news.html
http://www.disksavvy.com/news.html
http://www.disksorter.com/news.html
http://www.dupscout.com/news.html
Third Party Advisory http://www.securityfocus.com/bid/97237
http://www.syncbreeze.com/news.html
http://www.vxsearch.com/news.html
Exploit https://www.exploit-db.com/exploits/41771/
Exploit https://www.exploit-db.com/exploits/41772/
Exploit https://www.exploit-db.com/exploits/41773/
https://www.exploit-db.com/exploits/43875/
https://www.exploit-db.com/exploits/44157/
http://www.diskboss.com/news.html
http://www.diskpulse.com/news.html
http://www.disksavvy.com/news.html
http://www.disksorter.com/news.html
http://www.dupscout.com/news.html
Third Party Advisory http://www.securityfocus.com/bid/97237
http://www.syncbreeze.com/news.html
and 6 more references
60
/ 100
high-risk
Severity 24/34 · High
Exploitability 27/34 · High
Exposure 9/34 · Low