CVE-2017-7310
Summary
| CVE | CVE-2017-7310 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-03-29 21:59:00 UTC |
| Updated | 2025-04-20 01:37:25 UTC |
| Description | A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element. |
Risk And Classification
Primary CVSS: v3.0 7.8 HIGH from [email protected]
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Problem Types: CWE-119 | n/a
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| 2.0 | [email protected] | Primary | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
CVSS v3.0 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
NoneUser Interaction
RequiredScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:M/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Flexense | Diskboss | 7.8.16 | All | All | All |
| Application | Flexense | Disksorter | 9.5.12 | All | All | All |
| Application | Flexense | Syncbreeze | 9.5.16 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow (Metasploit) - Windows local Exploit | af854a3a-2127-422b-91ae-364da2661108 | www.exploit-db.com | |
| Disk Sorter Enterprise 9.5.12 - 'Import Command' Local Buffer Overflow - Windows local Exploit | af854a3a-2127-422b-91ae-364da2661108 | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| DupScout - Duplicate Files Finder - News | af854a3a-2127-422b-91ae-364da2661108 | www.dupscout.com | |
| Sync Breeze Enterprise 9.5.16 - 'Import Command' Local Buffer Overflow - Windows local Exploit | af854a3a-2127-422b-91ae-364da2661108 | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| Disk Pulse Enterprise 10.4.18 - 'Import Command' Buffer Overflow (SEH) - Windows remote Exploit | af854a3a-2127-422b-91ae-364da2661108 | www.exploit-db.com | |
| SyncBreeze - File Synchronization - News | af854a3a-2127-422b-91ae-364da2661108 | www.syncbreeze.com | |
| DiskPulse - Disk Change Monitor - News | af854a3a-2127-422b-91ae-364da2661108 | www.diskpulse.com | |
| DiskBoss - Data Management Solution - News | af854a3a-2127-422b-91ae-364da2661108 | www.diskboss.com | |
| Multiple Flexense Products CVE-2017-7310 Buffer Overflow Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| DiskBoss Enterprise 7.8.16 - 'Import Command' Local Buffer Overflow - Windows local Exploit | af854a3a-2127-422b-91ae-364da2661108 | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| VX Search - File Search - News | af854a3a-2127-422b-91ae-364da2661108 | www.vxsearch.com | |
| DiskSorter - File Classification - News | af854a3a-2127-422b-91ae-364da2661108 | www.disksorter.com | |
| DiskSavvy - Disk Space Analyzer - News | af854a3a-2127-422b-91ae-364da2661108 | www.disksavvy.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.