CVE-2019-25670

River Past Video Cleaner 7.6.3 Buffer Overflow via SEH

CVSS 8.6 HIGHEPSS 0.2%CWE-787

River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll field. Attackers can craft a payload with 280 bytes of padding, a next structured exception handler override, and shellcode to trigger code execution when the application processes the input.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

River Past · River Past Video Cleaner

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/46346unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://river-past-video-cleaner.softonic.com/https://www.exploit-db.com/exploits/46346 https://www.vulncheck.com/advisories/river-past-video-cleaner-buffer-overflow-via-seh