UNKNOWNCVE-2019-25650
River Past CamDo 3.7.6 Structured Exception Handler Buffer Overflow
Platform
windows
Component
river-past-camdo
River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll name field. Attackers can craft a payload with a 280-byte buffer, NSEH jump instruction, and SEH handler address pointing to a pop-pop-ret gadget to trigger code execution and establish a bind shell on port 3110.
How to fix
Actualizar a una versión posterior a la 3.7.6 o desinstalar el software River Past CamDo. No hay una versión corregida disponible, por lo que la desinstalación es la opción más segura.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free