8.6
CVE-2019-25626
- EPSS 0.24%
- Veröffentlicht 24.03.2026 11:27:01
- Zuletzt bearbeitet 27.04.2026 13:35:16
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
LoginRiver Past Cam Do 3.7.6 Local Buffer Overflow in Activation Code
River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows local attackers to execute arbitrary code by supplying a malicious activation code string. Attackers can craft a buffer containing 608 bytes of junk data followed by shellcode and SEH chain overwrite values to trigger code execution when the activation dialog processes the input.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
River Past Cam Do Project ≫ River Past Cam Do Version <= 3.7.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.151 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| disclosure@vulncheck.com | 8.6 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| disclosure@vulncheck.com | 8.4 | 2.5 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://www.exploit-db.com/exploits/46670
http://www.flexhex.com
https://en.softonic.com/download/river-past-cam-do/windows/post-download?sl=1
https://www.vulncheck.com/advisories/river-past-cam-do-local-buffer-overflow-in-activation-code