Primary

Context

Flexsense DiskBoss Local Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Patched

A local buffer overflow vulnerability has been identified in Flexsense DiskBoss version 7.7.14, specifically within the 'Input Directory' component. This vulnerability allows unauthenticated attackers to execute arbitrary code on the system. Exploitation involves pasting a specially crafted directory path into the 'Add Input Directory' field.

Impact

Exploitation of this vulnerability leads to a local buffer overflow, allowing for arbitrary code execution on the affected system.

Reproduction

The vulnerability can be reproduced by turning off Data Execution Prevention (DEP) for the DiskBoss application. After that, the 'Add Input Directory' feature can be accessed, where the crafted payload is pasted into the directory field. Once confirmed, the injected code is executed, demonstrated by the launch of 'calc.exe'.

Added: Dec 5, 2025, 6:39 PM

Updated: Dec 5, 2025, 6:39 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

10.0

exploitability

6.2

remediation

7.7

relevance

1.4

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

10.0

exploitability

6.2

remediation

7.7

relevance

1.4

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Flexsense DiskBoss Local Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Reproduction

Affected Products

Flexsense DiskBoss

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating