CVE-2017-7230
CRITICALDisk Sorter Enterprise <9.5.12 - RCE
Title source: llmDescription
A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrary code via a GET request.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Daniel Teixeira · pythonremotewindows
https://www.exploit-db.com/exploits/41666
metasploit
WORKING POC
GREAT
by Daniel Teixeira · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/disksorter_bof.rb
Scores
CVSS v3
9.8
EPSS
0.6564
EPSS Percentile
98.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (1)
disksorter/disk_sorter
< 9.5.12
Published
Mar 22, 2017
Tracked Since
Feb 18, 2026