Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-7031

CWE-119 — Buffer Overflow4 documents4 sources

Severity

10.0CRITICAL

EPSS

8.3%

top 7.76%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Foxitsoftware WAC Server

Timeline

PublishedAug 24

Latest updateMay 14

Description

Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDfoxitsoftware/wac_server2.0

🔴Vulnerability Details

GHSA

GHSA-rj98-p7x9-pmrc: Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2↗2022-05-14

▶

CVEList

CVE-2008-7031: Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2↗2009-08-24

▶

💥Exploits & PoCs

Exploit-DB

Foxit WAC Remote Access Server 2.0 Build 3503 - Heap Buffer Overflow↗2008-02-16

▶