Disk Savvy Enterprise long URI in GET request buffer overflow

Added: 03/16/2017
CVE: CVE-2017-6187
BID: 96401

Background

Disk Savvy Enterprise is a disk space usage analyzer.

Problem

A buffer overflow in the built-in web server in Disk Savvy Enterprise could allow remote code execution when handling a long URI in a GET request.

Resolution

Contact the vendor for a patch or fixed version when available.

References

https://www.exploit-db.com/exploits/41436/

Limitations

The Disk Savvy Enterprise web server is disabled by default.

Exploit works on Disk Savvy Enterprise 9.4.18 on Windows 7 Professional SP1 x64 and Windows 10 Professional x64.

Platforms

Windows 7
Windows 10

Back to exploit index