CVE-2017-2787
published 2017-03-10CVE-2017-2787: A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's…
PriorityP357critical9CVSS 3.0
AVNACHPRNUINSCCHIHAH
EPSS
4.04%
89.3th percentile
A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pharos | popup | — | — |
| pharos | popup_printer_client | — | — |
Detection & IOCsextracted from sources · hover to see the quote
snort↗
Snort Rules: 41505 - 41510
- →The vulnerable process is 'psnotifyd', runs with root privileges, listens on the network, and requires no user interaction — any unexpected network traffic to this process should be treated as high-priority. ↗
- →Exploitation involves crafted packets targeting the BlobData function where attacker-influenced blob data causes a memcpy out-of-bounds write; inspect packets for malformed or oversized blob data fields in psnotifyd protocol traffic. ↗
- ·Snort rules 41505–41510 cover the full family of Pharos psnotifyd vulnerabilities (CVE-2017-2785 through CVE-2017-2788), not exclusively CVE-2017-2787; additional rules may be released and existing rules are subject to change. ↗
- ·Only Pharos PopUp printer client version 9.0 was confirmed tested/vulnerable; other versions were not assessed in the disclosed research. ↗
CVSS provenance
nvdv3.09.0CRITICALCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Pharos Vulnerabilities
blogs_talos·2017-03-07·CVSS 10.0
[CRITICAL] Vulnerability Spotlight: Pharos Vulnerabilities
Discovered by Tyler Bohan of Cisco Talos. Talos would also like to thank NYU Osiris Lab for helping out with these vulnerabilities.
Pharos PopUp Printer is printing software that is widely used to manage multiple connections to a single printing point. Services that run with root privileges that are open to network connections are a tempting target for attackers. Talos is disclosing the presence of three code execution vulnerabilities and a denial of service vulnerability in the psnotifyd application of the Pharos PopUp printer client version 9.0
TALOS-2017-0280, TALOS-2017-0283 Code Execution Vulnerabilities (CVE-2017-2785, CVE-2017-2788)
TALOS-2017-0282 Memcpy Code Execution Vulnerability (CVE-2017-2787)
TALOS-2017-0281 DecodeString Denial of Service Vulnerability (CVE-2017-2786)
##
Talos
Vulnerability Spotlight: Pharos Vulnerabilities
blogs_talos·2017-03-07·CVSS 10.0
[CRITICAL] Vulnerability Spotlight: Pharos Vulnerabilities
## Vulnerability Spotlight: Pharos Vulnerabilities
Discovered by Tyler Bohan of Cisco Talos. Talos would also like to thank NYU Osiris Lab for helping out with these vulnerabilities.
Pharos PopUp Printer is printing software that is widely used to manage multiple connections to a single printing point. Services that run with root privileges that are open to network connections are a tempting target for attackers. Talos is disclosing the presence of three code execution vulnerabilities and a denial of service vulnerability in the psnotifyd application of the Pharos PopUp printer client version 9.0
TALOS-2017-0280, TALOS-2017-0283 Code Execution Vulnerabilities (CVE-2017-2785, CVE-2017-2788)
TALOS-2017-0282 Memcpy Code Execution Vulnerability (CVE-2017-2787)
TALOS-2017-0281 DecodeString
2017-03-10
Published