Vulnerability Details CVE-2017-7310
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.866
EPSS Ranking 99.4%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- http://www.diskboss.com/news.html
- http://www.diskpulse.com/news.html
- http://www.disksavvy.com/news.html
- http://www.disksorter.com/news.html
- http://www.dupscout.com/news.html
- http://www.securityfocus.com/bid/97237
- http://www.syncbreeze.com/news.html
- http://www.vxsearch.com/news.html
- https://www.exploit-db.com/exploits/41771/
- https://www.exploit-db.com/exploits/41772/
- https://www.exploit-db.com/exploits/41773/
- https://www.exploit-db.com/exploits/43875/
- https://www.exploit-db.com/exploits/44157/
- http://www.diskboss.com/news.html
- http://www.diskpulse.com/news.html
- http://www.disksavvy.com/news.html
- http://www.disksorter.com/news.html
- http://www.dupscout.com/news.html
- http://www.securityfocus.com/bid/97237
- http://www.syncbreeze.com/news.html
- http://www.vxsearch.com/news.html
- https://www.exploit-db.com/exploits/41771/
- https://www.exploit-db.com/exploits/41772/
- https://www.exploit-db.com/exploits/41773/
- https://www.exploit-db.com/exploits/43875/
- https://www.exploit-db.com/exploits/44157/
Products affected by CVE-2017-7310
-
cpe:2.3:a:flexense:diskboss:7.8.16
-
cpe:2.3:a:flexense:disksorter:9.5.12
-
cpe:2.3:a:flexense:syncbreeze:9.5.16