Vendor: CloudMe Sync
By: T3jv1l
CVSS: 9.8 (CRITICAL)
Buffer Overflow
CWE: 120 (Buffer Copy without Checking Size of Input)
Product Name: CloudMe Sync
Affected Version From: 1.11.0
Affected Version To: 1.11.2
Patch Exists: YES
Related CVE: CVE-2018-6892
CPE: a:cloudme:cloudme_sync
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 7 SP1 x86
2018
CloudMe Sync v1.11.2 Buffer Overflow + Egghunt
CloudMe Sync v1.11.2 contains a buffer overflow caused by improper bounds checking of user-supplied input. An attacker can exploit it by sending a specially crafted payload to the vulnerable application, which can result in arbitrary code execution in the context of the application.
Mitigation:
Upgrade to the latest version of CloudMe Sync.