CVE-2019-25627

HIGH

FlexHEX 2.71 Local Buffer Overflow via SEH Unicode

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25627. PoCs published by Chris Au.

AI-analyzed exploit summary This exploit demonstrates a local buffer overflow vulnerability in FlexHEX 2.71 via a crafted stream name, leveraging SEH Unicode bypass to execute arbitrary code (calc.exe). The payload includes alignment adjustments, NOP sleds, and a shellcode to trigger the exploit.

Description

FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow. Attackers can craft a malicious text file with carefully aligned shellcode and SEH chain pointers, paste the contents into the Stream Name dialog, and execute arbitrary commands like calc.exe when the exception handler is triggered.

Exploits (1)

exploitdb WORKING POC

by Chris Au · pythonlocalwindows

https://www.exploit-db.com/exploits/46665

View Code ZIP pw:eip

This exploit demonstrates a local buffer overflow vulnerability in FlexHEX 2.71 via a crafted stream name, leveraging SEH Unicode bypass to execute arbitrary code (calc.exe). The payload includes alignment adjustments, NOP sleds, and a shellcode to trigger the exploit.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: FlexHEX 2.71

No auth needed

Prerequisites: FlexHEX 2.71 installed on Windows XP SP3 · ability to paste malicious input into the 'Stream Name' field

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 24, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-46665

https://www.exploit-db.com/exploits/46665

Product product

Official Product Homepage

http://www.flexhex.com

Product product

Product Reference

http://www.flexhex.com/download/flexhex_setup.exe

Third Party Advisory third-party-advisory

VulnCheck Advisory: FlexHEX 2.71 Local Buffer Overflow via SEH Unicode

https://www.vulncheck.com/advisories/flexhex-local-buffer-overflow-via-seh-unicode

Scores

CVSS v3 8.4

EPSS 0.0026

EPSS Percentile 17.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (2)

flexhex/flexhex 2.71

Flexhex/FlexHEX 2.71

Published Mar 24, 2026

Tracked Since Mar 24, 2026