← back
CVE-2017-9544

CVE-2017-9544

EPSS 24.1%
Vexday Risk Score
23Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 24.1%KEV nãoPoC Nuclei Metasploit simPatch
Lifecycle
12 Jun 2017Published on NVD
09 Oct 2017Metasploit module available
Weaponization speed
119 daysto Metasploit module
Recommendation: Plan a near-term fix — a public PoC already exists.
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.
Affected products
n/a · n/a