CVE-2014-3791

Efssoft Easy File Sharing Web Server - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp.

Exploits (2)

exploitdb WORKING POC VERIFIED

by superkojiman · pythonremotewindows

https://www.exploit-db.com/exploits/33352

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by superkojiman, Julien Ahrens · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/efs_fmws_userid_bof.rb

View Code ZIP pw:eip

References (5)

[Exploit] http://blog.techorganic.com/2014/05/14/from-fuzzing-to-0-day

[Third Party Advisory, VDB Entry] http://osvdb.org/show/osvdb/106965

[Exploit] http://packetstormsecurity.com/files/126614/Easy-File-Sharing-Web-Server-6.8-Buffer-Overflow.html

[Exploit] http://www.exploit-db.com/exploits/33352

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/67406

Scores

EPSS 0.7723

EPSS Percentile 99.0%

Details

CWE

CWE-119

Status published

Products (1)

efssoft/easy_file_sharing_web_server 6.8

Published May 20, 2014

Tracked Since Feb 18, 2026