Design/Logic Flaw

2017-12-0321:29:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

High

0.915 High

EPSS

Percentile

98.9%

JSON

There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under the Windows SYSTEM account.

CPENameOperatorVersion
syncbreezeeq10.1.16

CPE	Name	Operator	Version
	syncbreeze	eq	10.1.16

References

packetstormsecurity.com/files/144586/Sync-Breeze-Enterprise-10.1.16-SEH-Overflow.html

www.exploit-db.com/exploits/42984/