CVE-2019-25626

EUVD-2019-19992
River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows local attackers to execute arbitrary code by supplying a malicious activation code string. Attackers can craft a buffer containing 608 bytes of junk data followed by shellcode and SEH chain overwrite values to trigger code execution when the activation dialog processes the input.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
river_past_cam_do_projectriver_past_cam_do
𝑥
≤ 3.7.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.flexhex.com
https://en.softonic.com/download/river-past-cam-do/windows/post-download?sl=1
https://www.exploit-db.com/exploits/46670
https://www.vulncheck.com/advisories/river-past-cam-do-local-buffer-overflow-in-activation-code