Disk Savvy Enterprise GET buffer overflow

2016-12-01T00:00:00
ID SAINT:034ED659F25F177FC2273BCFCFDC70D0
Type saint
Reporter SAINT Corporation
Modified 2016-12-01T00:00:00

Description

Added: 12/01/2016

Background

Disk Savvy Enterprise is a disk space usage analyzer.

Problem

A buffer overflow in the way Disk Savvy Enterprise handles GET requests could allow remote code execution.

Resolution

Upgrade to a version higher than 9.1.14 when available.

References

<https://www.exploit-db.com/exploits/40854/>

Limitations

The exploit works on Disk Savvy Enterprise 9.1.14 on Windows XP SP3 and Windows 7 Professional.

Platforms

Windows