CVE-2017-9544
CVE-2017-9544
Vexday Risk Score
23Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 24.1%KEV nãoPoC —Nuclei —Metasploit simPatch —
Lifecycle
12 Jun 2017Published on NVD
09 Oct 2017Metasploit module available
Weaponization speed
119 daysto Metasploit module
Recommendation: Plan a near-term fix — a public PoC already exists.
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.
Affected products
n/a · n/a