CVE-2017-7310

Exploitation Summary

EIP tracks 7 public exploits for CVE-2017-7310. PoCs published by Metasploit, Daniel Teixeira, including Metasploit module exploits/windows/fileformat/dupscout_xml.

AI-analyzed exploit summary This Metasploit module exploits a buffer overflow in Sync Breeze Enterprise 9.5.16 via a maliciously crafted XML file. It leverages SEH overwrites and a JMP ESP technique to achieve remote code execution.

Description

A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.

Exploits (7)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/43875

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow in Sync Breeze Enterprise 9.5.16 via a maliciously crafted XML file. It leverages SEH overwrites and a JMP ESP technique to achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Sync Breeze Enterprise 9.5.16

No auth needed

Prerequisites: Victim must open the malicious XML file in Sync Breeze Enterprise

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Daniel Teixeira · pythonlocalwindows

https://www.exploit-db.com/exploits/41772

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in DiskBoss Enterprise v7.8.16 via the 'Import Command' feature. It leverages a JMP ESP instruction and a custom shellcode to execute calc.exe, demonstrating arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: DiskBoss Enterprise v7.8.16

No auth needed

Prerequisites: DiskBoss Enterprise v7.8.16 installed on Windows 7 SP1 x86 · Ability to deliver malicious XML file to the target

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Daniel Teixeira · pythonlocalwindows

https://www.exploit-db.com/exploits/41771

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in DiskSorter Enterprise 9.5.12 via the 'Import Command' feature, leveraging SEH overwrite and shellcode execution to spawn calc.exe. It uses a structured payload with NOPs, JMP ESP, and a custom shellcode.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: DiskSorter Enterprise 9.5.12

No auth needed

Prerequisites: Victim must open the malicious XML file in DiskSorter Enterprise

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Daniel Teixeira · pythonlocalwindows

https://www.exploit-db.com/exploits/41773

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Sync Breeze Enterprise 9.5.16 via the 'Import Command' feature. It leverages SEH overwrites and shellcode execution to spawn calc.exe, demonstrating arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Sync Breeze Enterprise 9.5.16

No auth needed

Prerequisites: Target must be running Sync Breeze Enterprise 9.5.16 on Windows 7 SP1 x86 · Attacker must deliver the malicious XML file to the target

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by Daniel Teixeira · pythonremotewindows

https://www.exploit-db.com/exploits/44157

View Code ZIP pw:eip

This exploit leverages a buffer overflow in Disk Pulse Enterprise v10.4.18 via a malformed XML file to achieve remote code execution. It uses SEH overwrite and shellcode execution to spawn calc.exe.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Disk Pulse Enterprise v10.4.18

No auth needed

Prerequisites: Victim must open the malicious XML file in Disk Pulse Enterprise

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Daniel Teixeira · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/dupscout_xml.rb

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow in Dup Scout Enterprise v10.4.16 via a maliciously crafted XML file. It leverages SEH overwrites and a JMP ESP instruction to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Dup Scout Enterprise v10.4.16

No auth needed

Prerequisites: Victim must open the malicious XML file in Dup Scout Enterprise

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Daniel Teixeira · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/syncbreeze_xml.rb

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow in Sync Breeze Enterprise 9.5.16 via a maliciously crafted XML file. It leverages SEH overwrites and a JMP ESP technique to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Sync Breeze Enterprise 9.5.16

No auth needed

Prerequisites: Target must import the malicious XML file

MITRE ATT&CK