{"api_version":"1","generated_at":"2026-05-13T15:53:48+00:00","cve":"CVE-2017-7310","urls":{"html":"https://cve.report/CVE-2017-7310","api":"https://cve.report/api/cve/CVE-2017-7310.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-7310","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-7310"},"summary":{"title":"CVE-2017-7310","description":"A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.","state":"PUBLISHED","assigner":"mitre","published_at":"2017-03-29 21:59:00","updated_at":"2025-04-20 01:37:25"},"problem_types":["CWE-119","n/a"],"metrics":[{"version":"3.0","source":"nvd@nist.gov","type":"Primary","score":"7.8","severity":"HIGH","vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.8","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://www.exploit-db.com/exploits/43875/","name":"https://www.exploit-db.com/exploits/43875/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow (Metasploit) - Windows local Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.exploit-db.com/exploits/41771/","name":"https://www.exploit-db.com/exploits/41771/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"Disk Sorter Enterprise 9.5.12 - 'Import Command' Local Buffer Overflow - Windows local Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.dupscout.com/news.html","name":"http://www.dupscout.com/news.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"DupScout - Duplicate Files Finder - News","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.exploit-db.com/exploits/41773/","name":"https://www.exploit-db.com/exploits/41773/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"Sync Breeze Enterprise 9.5.16 - 'Import Command' Local Buffer Overflow - Windows local Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.exploit-db.com/exploits/44157/","name":"https://www.exploit-db.com/exploits/44157/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Disk Pulse Enterprise 10.4.18 - 'Import Command' Buffer Overflow (SEH) - Windows remote Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.syncbreeze.com/news.html","name":"http://www.syncbreeze.com/news.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SyncBreeze - File Synchronization - News","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.diskpulse.com/news.html","name":"http://www.diskpulse.com/news.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"DiskPulse - Disk Change Monitor - News","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.diskboss.com/news.html","name":"http://www.diskboss.com/news.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"DiskBoss - Data Management Solution - News","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/97237","name":"http://www.securityfocus.com/bid/97237","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"Multiple Flexense Products CVE-2017-7310 Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.exploit-db.com/exploits/41772/","name":"https://www.exploit-db.com/exploits/41772/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"DiskBoss Enterprise 7.8.16 - 'Import Command' Local Buffer Overflow - Windows local Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vxsearch.com/news.html","name":"http://www.vxsearch.com/news.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VX Search - File Search - News","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.disksorter.com/news.html","name":"http://www.disksorter.com/news.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"DiskSorter - File Classification - News","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.disksavvy.com/news.html","name":"http://www.disksavvy.com/news.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"DiskSavvy - Disk Space Analyzer - News","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-7310","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7310","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"7310","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"flexense","cpe5":"diskboss","cpe6":"7.8.16","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"7310","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"flexense","cpe5":"disksorter","cpe6":"9.5.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"7310","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"flexense","cpe5":"syncbreeze","cpe6":"9.5.16","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-05T15:56:36.402Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"41771","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/41771/"},{"name":"43875","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/43875/"},{"name":"44157","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/44157/"},{"name":"41773","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/41773/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.dupscout.com/news.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.diskpulse.com/news.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.diskboss.com/news.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.vxsearch.com/news.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.disksorter.com/news.html"},{"name":"97237","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/97237"},{"name":"41772","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/41772/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.disksavvy.com/news.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.syncbreeze.com/news.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2017-03-29T00:00:00.000Z","descriptions":[{"lang":"en","value":"A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-03-07T19:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"41771","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/41771/"},{"name":"43875","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/43875/"},{"name":"44157","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/44157/"},{"name":"41773","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/41773/"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.dupscout.com/news.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.diskpulse.com/news.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.diskboss.com/news.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.vxsearch.com/news.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.disksorter.com/news.html"},{"name":"97237","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/97237"},{"name":"41772","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/41772/"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.disksavvy.com/news.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.syncbreeze.com/news.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2017-7310","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"41771","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/41771/"},{"name":"43875","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/43875/"},{"name":"44157","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/44157/"},{"name":"41773","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/41773/"},{"name":"http://www.dupscout.com/news.html","refsource":"CONFIRM","url":"http://www.dupscout.com/news.html"},{"name":"http://www.diskpulse.com/news.html","refsource":"CONFIRM","url":"http://www.diskpulse.com/news.html"},{"name":"http://www.diskboss.com/news.html","refsource":"CONFIRM","url":"http://www.diskboss.com/news.html"},{"name":"http://www.vxsearch.com/news.html","refsource":"CONFIRM","url":"http://www.vxsearch.com/news.html"},{"name":"http://www.disksorter.com/news.html","refsource":"CONFIRM","url":"http://www.disksorter.com/news.html"},{"name":"97237","refsource":"BID","url":"http://www.securityfocus.com/bid/97237"},{"name":"41772","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/41772/"},{"name":"http://www.disksavvy.com/news.html","refsource":"CONFIRM","url":"http://www.disksavvy.com/news.html"},{"name":"http://www.syncbreeze.com/news.html","refsource":"CONFIRM","url":"http://www.syncbreeze.com/news.html"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2017-7310","datePublished":"2017-03-29T21:00:00.000Z","dateReserved":"2017-03-29T00:00:00.000Z","dateUpdated":"2024-08-05T15:56:36.402Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2017-03-29 21:59:00","lastModifiedDate":"2025-04-20 01:37:25","problem_types":["CWE-119","n/a"],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:flexense:diskboss:7.8.16:*:*:*:enterprise:*:*:*","matchCriteriaId":"6351E0B1-783F-4CF5-9502-BB9FFA6DAFE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:flexense:disksorter:9.5.12:*:*:*:enterprise:*:*:*","matchCriteriaId":"6389B596-7090-4F49-B0BB-62815AC21C9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:flexense:syncbreeze:9.5.16:*:*:*:enterprise:*:*:*","matchCriteriaId":"DC13BC94-05D2-4355-8220-824CB43CE3A4"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"7310","Ordinal":"1","Title":"CVE-2017-7310","CVE":"CVE-2017-7310","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"7310","Ordinal":"1","NoteData":"A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.","Type":"Description","Title":"CVE-2017-7310"},{"CveYear":"2017","CveId":"7310","Ordinal":"2","NoteData":"2017-03-29","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"7310","Ordinal":"3","NoteData":"2018-03-07","Type":"Other","Title":"Modified"}]}}}