Published: 24/05/2010 Updated: 17/08/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Stack-based buffer overflow in 2BrightSparks SyncBack Freeware 3.2.20.0, and possibly other versions prior to 3.2.21, allows user-assisted remote malicious users to execute arbitrary code via a long filename in a (1) .sps or (2) zip profile.

Vulnerable Product	Search on Vulmon	Subscribe to Product
2brightsparks syncback 3.2.20.0

#!/usr/bin/ruby # Software : SyncBack Freeware V32200 # Author : Lincoln # Date : May 19, 2010 # Reference : wwwcorelanbe:8800/advisoriesphp?id=CORELAN-10-041 # OS : Windows # Tested on : XP SP3 En (VirtualBox) # Type of vuln : SEH # Greetz to : Corelan Security Team # wwwcorelanbe: ...

CWE-119 http://www.2brightsparks.com/freeware/changes.html http://www.corelan.be:8800/wp-content/forum-file-uploads/lincoln/syncbackup.rb_.txt http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-041-syncback-freeware-v3-2-20-0/http://www.securityfocus.com/bid/40311 http://secunia.com/advisories/39865 http://osvdb.org/64752 https://exchange.xforce.ibmcloud.com/vulnerabilities/58727 https://nvd.nist.gov https://www.exploit-db.com/exploits/12662/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-1688

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect