CVE-2012-2614

Lattice Diamond Programmer 1.4.2 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2614. PoCs published by Core Security.

AI-analyzed exploit summary The exploit demonstrates a buffer overflow vulnerability in Lattice Diamond Programmer via a maliciously crafted '.xcf' file. The PoC XML file triggers a crash and overwrites the SEH chain, proving arbitrary code execution is possible.

Description

Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 allows user-assisted remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long string in a version attribute of an ispXCF element in an .xcf file.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Core Security · textdoswindows
https://www.exploit-db.com/exploits/19340

The exploit demonstrates a buffer overflow vulnerability in Lattice Diamond Programmer via a maliciously crafted '.xcf' file. The PoC XML file triggers a crash and overwrites the SEH chain, proving arbitrary code execution is possible.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Lattice Diamond Programmer 1.4.2 for Windows
No auth needed
Prerequisites: Victim must open the malicious '.xcf' file using 'programmer.exe'
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/19340
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-06/0136.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48431

Scores

EPSS 0.0410
EPSS Percentile 89.4%

Details

CWE
CWE-119
Status published
Products (1)
lattice_semiconductor/lattice_diamond_programmer 1.4.2
Published Jul 12, 2012
Tracked Since Feb 18, 2026