CVE-2017-7230
📋 TL;DR
A buffer overflow vulnerability in Disk Sorter Enterprise allows remote attackers to execute arbitrary code via a crafted GET request. This affects Disk Sorter Enterprise versions 9.5.12 and earlier, potentially giving attackers full control over affected systems.
💻 Affected Systems
- Disk Sorter Enterprise
📦 What is this software?
Disk Sorter by Disksorter
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Remote code execution allowing attackers to install malware, create backdoors, or exfiltrate sensitive data from the affected system.
If Mitigated
Limited impact if proper network segmentation, firewalls, and intrusion detection systems prevent exploitation attempts.
🎯 Exploit Status
Exploit code is publicly available and requires no authentication, making this easily weaponizable.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 9.5.13 or later
Vendor Advisory: https://www.disksorter.com/
Restart Required: Yes
Instructions:
1. Download the latest version from the official Disk Sorter website.
2. Install the update following vendor instructions.
3. Restart the Disk Sorter service or the entire system.
🔧 Temporary Workarounds
Network Segmentation
Windows: Restrict access to the Disk Sorter web interface using firewall rules. As written, the rule below blocks all inbound TCP 80/443 from every remote address; adjust localport and remoteip to the ports the web interface actually listens on and the sources that should be excluded.
netsh advfirewall firewall add rule name="Block Disk Sorter Web" dir=in action=block protocol=TCP localport=80,443 remoteip=any
Disable Web Interface
Windows: Temporarily disable the vulnerable web interface component
sc stop "Disk Sorter Web Service"
sc config "Disk Sorter Web Service" start= disabled
🧯 If You Can't Patch
- Implement strict network access controls to limit who can reach the Disk Sorter web interface
- Deploy web application firewall (WAF) rules to block buffer overflow attempts in GET requests
🔍 How to Verify
Check if Vulnerable:
Check Disk Sorter version in the application interface or installation directory. Versions 9.5.12 and earlier are vulnerable.
Check Version:
Check the About section in Disk Sorter GUI or examine the installation directory for version files.
Verify Fix Applied:
Verify that the installed version is 9.5.13 or later and that the web interface still functions normally after the update.
📡 Detection & Monitoring
Log Indicators:
- Unusually long GET requests in web server logs
- Crash or error entries in Disk Sorter application logs consistent with failed overflow attempts
- Unexpected process creation from Disk Sorter service
Network Indicators:
- HTTP GET requests with abnormally long parameters to Disk Sorter web interface
- Repeated oversized HTTP requests from a single source to the Disk Sorter web interface
SIEM Query:
source="disk_sorter_logs" AND (event="buffer_overflow" OR uri_length>1000)
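The log indicators above can be checked outside a SIEM as well. The following is an added example (not part of the original advisory or vendor material) that applies the same uri_length > 1000 rule to web server lines in Common Log Format; the log lines and threshold are constructed for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Threshold mirrors the SIEM query above (uri_length > 1000); tune per deployment.
URI_LENGTH_THRESHOLD = 1000

# Common Log Format; the request line is split into method, URI and protocol.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/\d\.\d" (?P<status>\d{3}) \S+'
)


@dataclass
class Alert:
    ip: str
    ts: str
    status: str
    uri_length: int


def scan_log(lines, threshold=URI_LENGTH_THRESHOLD):
    """Return {'alerts': [Alert, ...], 'unparsed': n} for GET requests whose
    request target is longer than the threshold."""
    alerts, unparsed = [], 0
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            unparsed += 1  # malformed lines are counted rather than silently dropped
            continue
        if m["method"] == "GET" and len(m["uri"]) > threshold:
            alerts.append(Alert(m["ip"], m["ts"], m["status"], len(m["uri"])))
    return {"alerts": alerts, "unparsed": unparsed}


def count_by_source(alerts):
    """Number of oversized GETs per client IP, for prioritising triage."""
    return Counter(a.ip for a in alerts)


# Constructed sample: one oversized GET (1201-character target) among normal traffic.
SAMPLE_LOG = [
    '198.51.100.4 - - [10/Mar/2017:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Mar/2017:12:00:02 +0000] "GET /' + 'A' * 1200 + ' HTTP/1.1" 500 0',
    '198.51.100.4 - - [10/Mar/2017:12:00:03 +0000] "GET /login HTTP/1.1" 200 128',
    'this line is not in common log format',
]

if __name__ == "__main__":
    result = scan_log(SAMPLE_LOG)
    for a in result["alerts"]:
        print(f"{a.ts} {a.ip} GET target {a.uri_length} chars, status {a.status}")
    print("per-source counts:", dict(count_by_source(result["alerts"])))
    print("unparsed lines:", result["unparsed"])
```

A 5xx status on an oversized request is worth correlating with service crash or restart events from the Disk Sorter host.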