Name: DupScout Enterprise 10.0.18 'sid' Buffer Overflow
Code name: Prine
Product: DupScout Enterprise
Fixed versions: 13.2.24
Release date: 2020-12-15 14:00 COT
A stack buffer overflow was found in the 'sid' GET parameter of several requests of DupScout Enterprise 10.0.18, which can be exploited by an unauthenticated, remote user to gain NT AUTHORITY\SYSTEM privileges on the server holding the affected software.
An updated version of DupScout Enterprise is available at the vendor page.
The vulnerability was discovered by Andrés Roldán from the Offensive Team of
Updated exploit: prine-exploit.py
Vendor page: https://www.dupscout.com/