CVE-2007-2964

F-secure Policy Manager < 7.00 - Denial of Service

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2964. PoCs published by David Maciejak.

AI-analyzed exploit summary This NASL script exploits a denial-of-service vulnerability in F-Secure Policy Manager by sending a crafted request to the fsmsh.dll CGI module, causing the service to crash. It checks for vulnerable versions and triggers the DoS by querying a MS-DOS device name.

Description

The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs.

Exploits (1)

exploitdb WORKING POC VERIFIED

by David Maciejak · doswindows

https://www.exploit-db.com/exploits/30104

View Code ZIP pw:eip

This NASL script exploits a denial-of-service vulnerability in F-Secure Policy Manager by sending a crafted request to the fsmsh.dll CGI module, causing the service to crash. It checks for vulnerable versions and triggers the DoS by querying a MS-DOS device name.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: F-Secure Policy Manager Server < 7.01

No auth needed

Prerequisites: Network access to the F-Secure Policy Manager Server on port 80

MITRE ATT&CK