CVE-2019-25627

HIGH

FlexHEX 2.71 Local Buffer Overflow via SEH Unicode

Title source: cna

Description

FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow. Attackers can craft a malicious text file with carefully aligned shellcode and SEH chain pointers, paste the contents into the Stream Name dialog, and execute arbitrary commands like calc.exe when the exception handler is triggered.

Exploits (1)

exploitdb WORKING POC

by Chris Au · pythonlocalwindows

https://www.exploit-db.com/exploits/46665

View Code ZIP pw:eip

References (4)

[Exploit] https://www.exploit-db.com/exploits/46665

[Product] http://www.flexhex.com

[Product] http://www.flexhex.com/download/flexhex_setup.exe

[Third Party Advisory] https://www.vulncheck.com/advisories/flexhex-local-buffer-overflow-via-seh-unicode

Scores

CVSS v3 8.4

EPSS 0.0001

EPSS Percentile 0.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (2)

flexhex/flexhex 2.71

Flexhex/FlexHEX 2.71

Published Mar 24, 2026

Tracked Since Mar 24, 2026