CVE-2019-12594

CRITICAL

DOSBox 0.74-2 - Incorrect Access Control

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-12594. PoCs published by Alexandre-Bartel.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2019-12594, a vulnerability in DOSBox 0.74-2. The exploit leverages memory manipulation to achieve remote code execution (RCE) by constructing a ROP chain and overwriting the stack.

Description

DOSBox 0.74-2 has Incorrect Access Control.

Exploits (1)

nomisec WORKING POC 13 stars

by Alexandre-Bartel · poc

https://github.com/Alexandre-Bartel/CVE-2019-12594

View Code ZIP pw:eip

This repository contains a functional exploit PoC for CVE-2019-12594, a vulnerability in DOSBox 0.74-2. The exploit leverages memory manipulation to achieve remote code execution (RCE) by constructing a ROP chain and overwriting the stack.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: DOSBox 0.74-2

No auth needed

Prerequisites: DOSBox 0.74-2 running on a vulnerable system · Access to the target system to execute the exploit

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (9)

Core 9

Core References

Vendor Advisory x_refsource_misc

https://www.dosbox.com/crew.php

Third Party Advisory x_refsource_misc

https://security-tracker.debian.org/tracker/CVE-2019-12594

Mailing List, Third Party Advisory x_refsource_confirm

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931222

Mailing List mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2019/07/msg00004.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYV27Z3QZTDHUZJLW3LDJYO7HBVIMJ5F/

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2019/dsa-4478

Mailing List mailing-list x_refsource_bugtraq

https://seclists.org/bugtraq/2019/Jul/14

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00047.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00053.html

Scores

CVSS v3 9.8

EPSS 0.0669

EPSS Percentile 93.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (4)

debian/debian_linux 8.0

debian/debian_linux 9.0

debian/debian_linux 10.0

dosbox/dosbox 0.74-2

Published Jul 02, 2019

Tracked Since Feb 18, 2026