SyncBack Profile Import Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is installed with SyncBack Freeware and is prone to buffer overflow vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code. Impact Level: Application.

Solution

Upgrade to the SyncBack Freeware version 3.2.21 For updates refer to http://www.2brightsparks.com/downloads.html#freeware

Insight

The flaw exists due to boundary error when importing 'SyncBack' profiles, which leads to stack-based buffer overflow when a user opens a specially crafted '.sps' file.

Affected

SyncBack Freeware version prior to 3.2.21

References

http://osvdb.org/64752
http://secunia.com/advisories/39865
http://xforce.iss.net/xforce/xfdb/58727

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1688
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Reader Multiple BOF Vulnerabilities - Jun09 (Linux)
CursorArts ZipWrangler 'ZIP Processing' Buffer Overflow Vulnerability
BSPlayer Stack Overflow Vulnerability SRT
Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Linux)
BarCodeWiz 'BarcodeWiz.dll' ActiveX Control BOF Vulnerability

Take action and discover your vulnerabilities