CVE-2019-25627

Sažetak

FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow. Attackers can craft a malicious text file with carefully aligned shellcode and SEH chain pointers, paste the contents into the Stream Name dialog, and execute arbitrary commands like calc.exe when the exception handler is triggered.

Reference

http://www.flexhex.com
http://www.flexhex.com/download/flexhex_setup.exe
https://www.exploit-db.com/exploits/46665
https://www.vulncheck.com/advisories/flexhex-local-buffer-overflow-via-seh-unicode

CVSS

Base:	8.4
Impact:	5.9
Exploitability:	2.5

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

24-03-2026 - 15:53

Objavljeno

24-03-2026 - 12:16