Plattform
windows
Komponente
river-past-camdo
Behoben in
3.7.7
CVE-2019-25650 describes a buffer overflow vulnerability affecting River Past CamDo versions 3.7.6–3.7.6. This flaw allows a local attacker to execute arbitrary code by manipulating the Lame_enc.dll name field. The vulnerability's impact is significant, potentially granting attackers complete control over the affected system. A fix is available, and immediate action is recommended.
The vulnerability lies in the way River Past CamDo handles the name field within the Lameenc.dll file. An attacker can craft a malicious payload, approximately 280 bytes in length, containing an NSEH jump instruction and an SEH handler address pointing to a pop-pop-ret gadget. This crafted payload, when supplied as the Lameenc.dll name, can trigger a buffer overflow, leading to arbitrary code execution. Successful exploitation allows an attacker to establish a bind shell on port 3110, effectively gaining remote control of the system. The blast radius is significant, as the attacker can potentially access sensitive data, install malware, or pivot to other systems on the network.
CVE-2019-25650 was published on March 26, 2026. As of the current date, there are no publicly known active campaigns exploiting this vulnerability. A proof-of-concept (POC) demonstrating the exploitation of this vulnerability has been published. The EPSS score is likely HIGH, indicating a significant probability of exploitation. The vulnerability is considered HIGH severity due to the potential for arbitrary code execution.
Systems running River Past CamDo version 3.7.6 are directly at risk. Environments where local administrator access is readily available, or where the Lame_enc.dll component is exposed through a network share, are particularly vulnerable. Users who have not implemented robust access controls or security monitoring practices are also at increased risk.
• windows / supply-chain:
Get-Process | Where-Object {$_.ProcessName -like '*CamDo*'} | Select-Object -ExpandProperty Id• windows / supply-chain:
Get-WinEvent -LogName Application -FilterXPath '//Event[System[Provider[@Name='Microsoft-Windows-DriverFrameworks-UserMode']]]'• windows / supply-chain: Check Autoruns for suspicious entries related to Lame_enc.dll. • windows / supply-chain: Monitor registry keys related to River Past CamDo for unexpected modifications.
disclosure
Exploit-Status
EPSS
0.02% (4% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2019-25650 is to upgrade River Past CamDo to a patched version. Unfortunately, a fixed version is not currently available. As a workaround, restrict access to the Lameenc.dll file and implement strict input validation on any user-supplied data used in its processing. Consider using a Web Application Firewall (WAF) to filter malicious requests. Monitor system logs for suspicious activity related to Lameenc.dll. After applying mitigations, verify their effectiveness by attempting to trigger the vulnerability with a known malicious payload and confirming that the application does not crash or execute arbitrary code.
Actualizar a una versión posterior a la 3.7.6 o desinstalar el software River Past CamDo. No hay una versión corregida disponible, por lo que la desinstalación es la opción más segura.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2019-25650 is a buffer overflow vulnerability in River Past CamDo versions 3.7.6–3.7.6, allowing local attackers to execute arbitrary code by manipulating the Lame_enc.dll name field.
If you are running River Past CamDo version 3.7.6, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as possible.
The recommended fix is to upgrade River Past CamDo to a patched version. If upgrading is not immediately possible, implement WAF rules to filter malicious input.
While no active exploitation campaigns are explicitly reported, the availability of a detailed payload description suggests a potential for exploitation.
Please consult the River Past CamDo vendor website or security mailing lists for the official advisory related to CVE-2019-25650.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.