CVE-2015-8277

CRITICAL

Flexera FlexNet Publisher <11.13.1.2 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-8277. PoCs published by securifera.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2015-8277, targeting the Flexera License Manager (lmgrd) bundled with ArcGIS 10.3.1. The exploit uses a brute-force ROP chain to achieve remote code execution on Windows 7 x86 systems.

Description

Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in Flexera FlexNet Publisher before 11.13.1.2 Security Update 1 allow remote attackers to execute arbitrary code via a crafted packet with opcode (a) 0x107 or (b) 0x10a.

Exploits (1)

nomisec WORKING POC 3 stars

by securifera · poc

https://github.com/securifera/CVE-2015-8277-Exploit

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2015-8277, targeting the Flexera License Manager (lmgrd) bundled with ArcGIS 10.3.1. The exploit uses a brute-force ROP chain to achieve remote code execution on Windows 7 x86 systems.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Racy

Target: Flexera License Manager (lmgrd) version 11.12.1.2 (bundled with ArcGIS 10.3.1)

No auth needed

Prerequisites: Network access to the target system · Target system running Windows 7 x86 · Flexera License Manager (lmgrd) version 11.12.1.2

MITRE ATT&CK