CVE-2017-7310
CVE-2017-7310
Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 53.7%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
29 Mar 2017Metasploit module available
29 Mar 2017Public PoC
29 Mar 2017Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.
Affected products
n/a · n/apublic PoCs found — 8
cve_referencewww.exploit-db.com/exploits/41771/unverifiedcve_referencewww.exploit-db.com/exploits/41772/unverifiedcve_referencewww.exploit-db.com/exploits/41773/unverifiedcve_referencewww.exploit-db.com/exploits/43875/unverifiedcve_referencewww.exploit-db.com/exploits/44157/unverifiedexploitdbwww.exploit-db.com/exploits/43875unverifiedexploitdbwww.exploit-db.com/exploits/41773unverifiedexploitdbwww.exploit-db.com/exploits/44157unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://www.exploit-db.com/exploits/41771/https://www.exploit-db.com/exploits/41772/https://www.exploit-db.com/exploits/41773/https://www.exploit-db.com/exploits/43875/https://www.exploit-db.com/exploits/44157/http://www.diskboss.com/news.htmlhttp://www.diskpulse.com/news.htmlhttp://www.disksavvy.com/news.htmlhttp://www.disksorter.com/news.htmlhttp://www.dupscout.com/news.htmlhttp://www.securityfocus.com/bid/97237http://www.syncbreeze.com/news.html