CVE-2017-13696

CRITICAL

Flexense Dupscout - Memory Corruption

Title source: rule
STIX 2.1

Exploitation Summary

EIP tracks 7 public exploits for CVE-2017-13696. PoCs published by Nipun Jaswal, Chance Johnson, Nipun Jaswal & Anurag Srivastava, sickness, Chris Higgins, including Metasploit module exploits/windows/http/disk_pulse_enterprise_get.

AI-analyzed exploit summary This exploit targets a remote SEH buffer overflow in Disk Pulse Enterprise 9.9.16 via a crafted HTTP GET request. It includes a reverse shell payload generated by msfvenom and leverages a specific SEH handler to achieve remote code execution.

Description

A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9.9.14, Sync Breeze Enterprise 9.9.16, and Disk Pulse Enterprise 9.9.16 where an attacker can craft a malicious GET request and exploit the web server component. Successful exploitation of the software will allow an attacker to gain complete access to the system with NT AUTHORITY / SYSTEM level privileges. The vulnerability lies due to improper handling and sanitization of the incoming request.

Exploits (7)

exploitdb WORKING POC VERIFIED
by Nipun Jaswal · pythonremotewindows
https://www.exploit-db.com/exploits/42560

This exploit targets a remote SEH buffer overflow in Disk Pulse Enterprise 9.9.16 via a crafted HTTP GET request. It includes a reverse shell payload generated by msfvenom and leverages a specific SEH handler to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Disk Pulse Enterprise v9.9.16
No auth needed
Prerequisites: Disk Pulse Enterprise with web server enabled on a specified port · Network access to the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Nipun Jaswal · pythonremotewindows
https://www.exploit-db.com/exploits/42557

This exploit targets Dup Scout Enterprise v9.9.14 by sending a maliciously crafted HTTP GET request to trigger a buffer overflow, leading to remote code execution via a reverse shell payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Dup Scout Enterprise v9.9.14
No auth needed
Prerequisites: Web server enabled on the target software · Network access to the target port
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by Nipun Jaswal · pythonremotewindows
https://www.exploit-db.com/exploits/42559

This exploit targets a remote SEH buffer overflow in Sync Breeze Enterprise v9.9.16 via a crafted HTTP GET request. It includes a reverse shell payload generated by msfvenom and leverages a structured exception handler (SEH) overwrite to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Sync Breeze Enterprise v9.9.16
No auth needed
Prerequisites: Sync Breeze Enterprise v9.9.16 with web server enabled on a specified port · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by Nipun Jaswal · pythonremotewindows
https://www.exploit-db.com/exploits/42558

This exploit targets a remote SEH buffer overflow in Disk Savvy Enterprise 9.9.14 via a crafted HTTP GET request. It includes a reverse shell payload generated by msfvenom and leverages a specific SEH handler to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Disk Savvy Enterprise v9.9.14
No auth needed
Prerequisites: Disk Savvy Enterprise with web server enabled on a specific port · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Chance Johnson, Nipun Jaswal & Anurag Srivastava · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/disk_pulse_enterprise_get.rb

This Metasploit module exploits an SEH buffer overflow in Disk Pulse Enterprise 9.9.16 via a crafted HTTP GET request, allowing remote code execution under the NT AUTHORITY\SYSTEM account.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Disk Pulse Enterprise 9.9.16
No auth needed
Prerequisites: Network access to the target's HTTP service (port 80) · Target running Disk Pulse Enterprise 9.9.16
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
by sickness, Chris Higgins · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/dup_scout_enterprise_login_bof.rb

This Metasploit module exploits a stack buffer overflow in Dup Scout Enterprise's login functionality, allowing remote code execution with SYSTEM privileges. It targets specific versions (9.9.14 and 10.0.18) by sending a maliciously crafted POST request to the login endpoint.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Dup Scout Enterprise <= 10.0.18
No auth needed
Prerequisites: Network access to the target's web interface (port 80) · Target running a vulnerable version of Dup Scout Enterprise
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
by vportal, Daniel Teixeira, bcoles · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/dupscts_bof.rb

This Metasploit module exploits a stack-based buffer overflow in Dup Scout Enterprise's web interface via a maliciously crafted HTTP GET request, achieving remote code execution as NT AUTHORITY\SYSTEM. It uses SEH overwrites and an egghunter for payload delivery.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Dup Scout Enterprise <= 10.0.18
No auth needed
Prerequisites: Network access to the Dup Scout Enterprise web interface · Target running an x86 version of Windows
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42557
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42560/
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42559/
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42558/

Scores

CVSS v3 9.8
EPSS 0.7967
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (4)
flexense/diskpulse 9.9.16
flexense/disksavvy 9.9.14
flexense/dupscout 9.9.14
flexense/syncbreeze 9.9.16
Published Jan 24, 2018
Tracked Since Feb 18, 2026