CVE-2017-14627

HIGH

CyberLink LabelPrint 2.5 - RCE

Title source: llm

Description

Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/45985

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by f3ci · pythonlocalwindows

https://www.exploit-db.com/exploits/42777

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by modpr0be <[email protected]>, f3ci <[email protected]> · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/cyberlink_lpp_bof.rb

View Code ZIP pw:eip

References (3)

[Exploit, Technical Description, Third Party Advisory] https://blog.spentera.com/2017/09/19/unicode-stack-based-buffer-overflow-on-cyberlink-labelprint-2-5/

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/42777/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/45985/

Scores

CVSS v3 7.8

EPSS 0.5020

EPSS Percentile 97.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (1)

cyberlink/labelprint 2.5

Published Sep 23, 2017

Tracked Since Feb 18, 2026