CVE-2019-25626

HIGH

River Past Cam Do 3.7.6 Local Buffer Overflow in Activation Code

Title source: cna

Description

River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows local attackers to execute arbitrary code by supplying a malicious activation code string. Attackers can craft a buffer containing 608 bytes of junk data followed by shellcode and SEH chain overwrite values to trigger code execution when the activation dialog processes the input.

Exploits (1)

exploitdb WORKING POC
by Chris Au · python · local · windows
https://www.exploit-db.com/exploits/46670

Scores

CVSS v3 8.4
EPSS 0.0001
EPSS Percentile 0.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-434
Status published
Products (2)
Flexhex/River Past Cam Do 3.7.6
river_past_cam_do_project/river_past_cam_do < 3.7.6
Published Mar 24, 2026
Tracked Since Mar 24, 2026