DiskBoss Enterprise Stack-Based Buffer Overflow Vulnerability Allowing Remote Code Execution
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the built-in web interface of DiskBoss Enterprise. This issue affects versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability stems from inadequate bounds checking on the path component of HTTP GET requests. A remote, unauthenticated attacker can exploit this flaw by sending a specially crafted long URI, potentially leading to arbitrary code execution with SYSTEM privileges on vulnerable Windows hosts.
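The missing check described above, sketched as an added example (not DiskBoss code, which this page does not show): a request-line parser that measures the path before copying it and answers 414 when it does not fit. The function name, the status enum and the 255-byte limit are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed limit for this sketch; not the real buffer size in DiskBoss. */
#define MAX_PATH_LEN 255

enum parse_status { PARSE_OK = 0, PARSE_BAD_REQUEST = 400, PARSE_URI_TOO_LONG = 414 };

/* Copy the path of "GET <path> HTTP/1.x" into out (capacity out_cap).
 * The path is measured first; nothing is written unless it fits. */
int extract_get_path(const char *line, size_t line_len, char *out, size_t out_cap)
{
    static const char method[] = "GET ";
    const size_t mlen = sizeof method - 1;

    if (out == NULL || out_cap == 0)
        return PARSE_BAD_REQUEST;
    out[0] = '\0';
    if (line == NULL || line_len <= mlen || memcmp(line, method, mlen) != 0)
        return PARSE_BAD_REQUEST;

    const char *path = line + mlen;
    const size_t rest = line_len - mlen;
    const char *end = memchr(path, ' ', rest);
    if (end == NULL)  /* no " HTTP/1.x" suffix: truncated or oversize line */
        return rest > MAX_PATH_LEN ? PARSE_URI_TOO_LONG : PARSE_BAD_REQUEST;

    const size_t path_len = (size_t)(end - path);
    if (path_len == 0 || path[0] != '/')
        return PARSE_BAD_REQUEST;
    if (path_len > MAX_PATH_LEN || path_len >= out_cap)
        return PARSE_URI_TOO_LONG;  /* reject instead of truncating or overflowing */

    memcpy(out, path, path_len);
    out[path_len] = '\0';
    return PARSE_OK;
}

int main(void)
{
    /* Constructed inputs: one ordinary request, one with an oversize path. */
    char out[MAX_PATH_LEN + 1], big[4100] = "GET /";
    const char ok[] = "GET /index.html HTTP/1.1";
    memset(big + 5, 'A', 4000);
    strcpy(big + 4005, " HTTP/1.1");

    printf("%d %s\n", extract_get_path(ok, strlen(ok), out, sizeof out), out);
    printf("%d\n", extract_get_path(big, strlen(big), out, sizeof out));
    return 0;
}
```

The same length test can run in a reverse proxy or WAF rule in front of an unpatched host, so that oversize request lines never reach the vulnerable parser.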
Impact
Successful exploitation overflows a stack buffer in the web interface and leads to arbitrary code execution with SYSTEM privileges on the affected Windows system.
Reproduction
The vulnerability can be reproduced by sending a crafted HTTP GET request with an excessively long URI that exploits the buffer overflow. This can be done using a tool like Metasploit, which has a module available for this specific vulnerability.
