CVE-2017-7310
HIGHSyncBreeze <10.6 - Buffer Overflow
Title source: llmDescription
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.
Exploits (7)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/43875
exploitdb
WORKING POC
VERIFIED
by Daniel Teixeira · pythonlocalwindows
https://www.exploit-db.com/exploits/41772
exploitdb
WORKING POC
VERIFIED
by Daniel Teixeira · pythonlocalwindows
https://www.exploit-db.com/exploits/41771
exploitdb
WORKING POC
VERIFIED
by Daniel Teixeira · pythonlocalwindows
https://www.exploit-db.com/exploits/41773
exploitdb
WORKING POC
by Daniel Teixeira · pythonremotewindows
https://www.exploit-db.com/exploits/44157
metasploit
WORKING POC
NORMAL
by Daniel Teixeira · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/dupscout_xml.rb
metasploit
WORKING POC
NORMAL
by Daniel Teixeira · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/syncbreeze_xml.rb
References (13)
Scores
CVSS v3
7.8
EPSS
0.8656
EPSS Percentile
99.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (3)
flexense/diskboss
7.8.16
flexense/disksorter
9.5.12
flexense/syncbreeze
9.5.16
Published
Mar 29, 2017
Tracked Since
Feb 18, 2026