CVE-2019-25679

RealTerm Serial Terminal 2.0.0.70 Buffer Overflow SEH

CVSS 8.5 HIGHEPSS 0.3%CWE-787

RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a buffer overflow payload with a POP POP RET gadget chain and shellcode that triggers code execution when pasted into the Port field and the Change button is clicked.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Realterm · RealTerm: Serial Terminal

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/46441unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://realterm.sourceforge.io/https://sourceforge.net/projects/realterm/files/https://www.exploit-db.com/exploits/46441 https://www.vulncheck.com/advisories/realterm-serial-terminal-buffer-overflow-seh