Description
Green Dam Youth Escort version 3.17 is vulnerable to a stack-based buffer overflow when processing overly long URLs. The flaw resides in the URL filtering component, which fails to properly validate input length before copying user-supplied data into a fixed-size buffer. A remote attacker can exploit this vulnerability by enticing a user to visit a specially crafted webpage containing a long URL, resulting in arbitrary code execution.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Trancer · rubyremotewindows
https://www.exploit-db.com/exploits/8969
exploitdb
WORKING POC
VERIFIED
by seer[N.N.U] · textremotewindows
https://www.exploit-db.com/exploits/8938
metasploit
WORKING POC
NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/greendam_url.rb
References (6)
Scores
CVSS v4
8.6
EPSS
0.4208
EPSS Percentile
97.5%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-121
Status
published
Products (1)
Zhengzhou Jinhui Computer System Engineering Co. Ltd. ; Beijing Dazheng Human Language Technology Academy/Green Dam Youth Escort
< 3.174
Published
Aug 30, 2025
Tracked Since
Feb 18, 2026