CVE-2014-3791
critical
CVSS v3
—
CVSS v2
10.0
VIR risk
10.0
Description
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| efssoft | easy_file_sharing_web_server | 6.8 | |
References
- http://blog.techorganic.com/2014/05/14/from-fuzzing-to-0-day
- http://osvdb.org/show/osvdb/106965
- http://packetstormsecurity.com/files/126614/Easy-File-Sharing-Web-Server-6.8-Buffer-Overflow.html
- http://www.exploit-db.com/exploits/33352
- http://www.securityfocus.com/bid/67406
- http://blog.techorganic.com/2014/05/14/from-fuzzing-to-0-day
- http://osvdb.org/show/osvdb/106965
- http://packetstormsecurity.com/files/126614/Easy-File-Sharing-Web-Server-6.8-Buffer-Overflow.html
- http://www.exploit-db.com/exploits/33352
- http://www.securityfocus.com/bid/67406
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.