SyncBreeze 10.1.16 SEH GET Overflow

There exists an unauthenticated SEH based vulnerability in the HTTP server of Sync Breeze Enterprise version 10.1.16, when sending a GET request with an excessive length it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under the Windows NT AUTHORITYSYSTEM account. The SEH record is overwritten with a “POP,POP,RET” pointer from the application library libspp.dll. This exploit has been successfully tested on Windows XP, 7 and 10 (x86->x64). It should work against all versions of Windows and service packs.
Source: SyncBreeze 10.1.16 SEH GET Overflow

The post SyncBreeze 10.1.16 SEH GET Overflow appeared first on MondoUnix.