CVE-2017-13708

CRITICAL

VX Search Enterprise 10.0.14 - Remote Code Execution via Crafted GET Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-13708. PoCs published by Daniel Teixeira, including Metasploit module exploits/windows/http/vxsrchs_bof.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in VX Search Enterprise v9.5.12 via a maliciously crafted HTTP GET request. It uses an egghunter and SEH overwrite to achieve remote code execution on Windows 7 SP1 x86.

Description

Buffer overflow in the web server service in VX Search Enterprise 10.0.14 allows remote attackers to execute arbitrary code via a crafted GET request.

Exploits (1)

metasploit WORKING POC GREAT

by Daniel Teixeira · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/vxsrchs_bof.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in VX Search Enterprise v9.5.12 via a maliciously crafted HTTP GET request. It uses an egghunter and SEH overwrite to achieve remote code execution on Windows 7 SP1 x86.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: VX Search Enterprise v9.5.12

No auth needed

Prerequisites: Network access to the VX Search Enterprise web interface · Target running Windows 7 SP1 x86

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/143949/VX-Search-Enterprise-10.0.14-Buffer-Overflow.html

Scores

CVSS v3 9.8

EPSS 0.7072

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (1)

vxsearch/vx_search 10.0.14

Published Aug 31, 2017

Tracked Since Feb 18, 2026