Platform
windows
Component
river-past-camdo
Fixed in
3.7.7
CVE-2019-25650 describes a buffer overflow vulnerability affecting River Past CamDo versions 3.7.6–3.7.6. This flaw allows a local attacker to execute arbitrary code by manipulating the Lame_enc.dll name field. The vulnerability's impact is significant, potentially granting attackers complete control over the affected system. A fix is available, and immediate action is recommended.
The buffer overflow in River Past CamDo allows a local attacker to gain arbitrary code execution. By crafting a malicious string within the Lame_enc.dll name field, an attacker can overwrite memory and hijack program control. The provided description details a specific payload construction involving a 280-byte buffer, an NSEH jump instruction, and a SEH handler address pointing to a pop-pop-ret gadget, ultimately enabling the establishment of a bind shell on port 3110. This indicates a high potential for remote command execution if the attacker can successfully trigger the overflow. The blast radius is limited to the local system, but the ability to execute arbitrary code makes it a critical security concern.
CVE-2019-25650 has been publicly disclosed. While no active exploitation campaigns are explicitly reported, the availability of a detailed payload description suggests a potential for exploitation. The vulnerability's reliance on local access may limit its immediate widespread impact, but it remains a significant risk for systems running vulnerable versions of River Past CamDo. The vulnerability was published on 2026-03-26.
Exploit Status
EPSS
0.02% (4% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2019-25650 is to upgrade River Past CamDo to a patched version. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) to filter potentially malicious input targeting the Lameenc.dll name field. Specifically, WAF rules should be configured to block requests containing excessively long or unusual characters in this field. Additionally, monitor system logs for suspicious activity related to Lameenc.dll. After upgrading, confirm the fix by attempting to trigger the vulnerability with the described payload and verifying that it is no longer exploitable.
Update to a version later than 3.7.6 or uninstall the River Past CamDo software. No patched version is available, so uninstallation is the safest option.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2019-25650 is a buffer overflow vulnerability in River Past CamDo versions 3.7.6–3.7.6, allowing local attackers to execute arbitrary code by manipulating the Lame_enc.dll name field.
If you are running River Past CamDo version 3.7.6, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as possible.
The recommended fix is to upgrade River Past CamDo to a patched version. If upgrading is not immediately possible, implement WAF rules to filter malicious input.
While no active exploitation campaigns are explicitly reported, the availability of a detailed payload description suggests a potential for exploitation.
Please consult the River Past CamDo vendor website or security mailing lists for the official advisory related to CVE-2019-25650.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.