CVE-2019-25612
8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field. Attackers can trigger the vulnerability through the System Compare feature by pasting a crafted buffer overflow payload into the left-hand side Folder Path field and clicking the scale icon to execute shellcode with application privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Admin-Express | Admin-Express | 1.2.5.485 | affected |
Weaknesses
- CWE-787: Out-of-bounds Write
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://www.exploit-db.com/exploits/46805
- https://admin-express.en.softonic.com/
- https://admin-express.en.softonic.com/download
- https://www.vulncheck.com/advisories/admin-express-local-seh-buffer-overflow-via-folder-path
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.