Vulnerability Description
River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows local attackers to execute arbitrary code by supplying a malicious activation code string. Attackers can craft a buffer containing 608 bytes of junk data followed by shellcode and SEH chain overwrite values to trigger code execution when the activation dialog processes the input.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| River Past Cam Do Project | River Past Cam Do | <= 3.7.6 |
Related Weaknesses (CWE)
References
- http://www.flexhex.comNot Applicable
- https://en.softonic.com/download/river-past-cam-do/windows/post-download?sl=1Product
- https://www.exploit-db.com/exploits/46670ExploitVDB Entry
- https://www.vulncheck.com/advisories/river-past-cam-do-local-buffer-overflow-in-Third Party Advisory
FAQ
What is CVE-2019-25626?
CVE-2019-25626 is a vulnerability with a CVSS score of 8.4 (HIGH). River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows local attackers to execute arbitrary code by supplying a malicious activation code...
How severe is CVE-2019-25626?
CVE-2019-25626 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-25626?
Check the references section above for vendor advisories and patch information. Affected products include: River Past Cam Do Project River Past Cam Do.