CVE-2019-25679

EUVD-2019-20093
RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a buffer overflow payload with a POP POP RET gadget chain and shellcode that triggers code execution when pasted into the Port field and the Change button is clicked.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Affected Products (NVD)
VendorProductVersion
crunrealterm
2.0.0.70
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://realterm.sourceforge.io/
https://sourceforge.net/projects/realterm/files/
https://www.exploit-db.com/exploits/46441
https://www.vulncheck.com/advisories/realterm-serial-terminal-buffer-overflow-seh