CVE-2019-25656

R i386 3.5.0 Local Buffer Overflow SEH

CVSS 8.6 HIGHEPSS 0.2%CWE-787

R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler (SEH) overwrite by supplying malicious input. Attackers can craft a payload string in the 'Language for menus and messages' field to overwrite SEH records and achieve code execution with calculator or arbitrary shellcode.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

R-Project · R i386

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/46288unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://cran.r-project.org/bin/windows/base/old/3.5.0/R-3.5.0-win.exe https://www.exploit-db.com/exploits/46288 https://www.r-project.org/https://www.vulncheck.com/advisories/r-i386-local-buffer-overflow-seh