CVE-2019-25627

HIGH EPSS 17.0%
Published Mar 24, 20263mo ago · Modified Jun 17, 20261w ago
8.6 CVSS 4.0
High
Find Similar
Published Mar 24, 2026 3mo ago
Last Modified Jun 17, 2026 1w ago

Description

FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow. Attackers can craft a malicious text file with carefully aligned shellcode and SEH chain pointers, paste the contents into the Stream Name dialog, and execute arbitrary commands like calc.exe when the exception handler is triggered.

CVSS Details

Base Score
8.6
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
17.0% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-434 Unrestricted Upload of File with Dangerous Type Resource Mgmt

Affected Products 1

VendorProductVersionRange
flexhexflexhex2.71any

References 4

  • flexhex.com http://www.flexhex.com
    Broken LinkProduct
  • flexhex.com http://www.flexhex.com/download/flexhex_setup.exe
    Broken LinkProduct
  • exploit-db.com https://www.exploit-db.com/exploits/46665
    ExploitVDB Entry
  • vulncheck.com https://www.vulncheck.com/advisories/flexhex-local-buffer-overflow-via-seh-unicode
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.