CVE-2019-25656

HIGH

R i386 3.5.0 Local Buffer Overflow SEH

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25656. PoCs published by Dino Covotsos.

AI-analyzed exploit summary This exploit leverages a local buffer overflow vulnerability in R i386 3.5.0 by overwriting the SEH (Structured Exception Handler) to achieve arbitrary code execution. The payload is crafted to bypass DEP (Data Execution Prevention) and includes shellcode to launch calc.exe, demonstrating a reliable RCE exploit.

Description

R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler (SEH) overwrite by supplying malicious input. Attackers can craft a payload string in the 'Language for menus and messages' field to overwrite SEH records and achieve code execution with calculator or arbitrary shellcode.

Exploits (1)

exploitdb WORKING POC

by Dino Covotsos · pythonlocalwindows

https://www.exploit-db.com/exploits/46288

View Code ZIP pw:eip

This exploit leverages a local buffer overflow vulnerability in R i386 3.5.0 by overwriting the SEH (Structured Exception Handler) to achieve arbitrary code execution. The payload is crafted to bypass DEP (Data Execution Prevention) and includes shellcode to launch calc.exe, demonstrating a reliable RCE exploit.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: R i386 3.5.0

No auth needed

Prerequisites: User interaction to paste payload into 'Language for menus and messages' field in R's GUI preferences

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 07, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-46288

https://www.exploit-db.com/exploits/46288

Product product

Official Product Homepage

https://www.r-project.org/

Product product

Product Reference

https://cran.r-project.org/bin/windows/base/old/3.5.0/R-3.5.0-win.exe

Third Party Advisory third-party-advisory

VulnCheck Advisory: R i386 3.5.0 Local Buffer Overflow SEH

https://www.vulncheck.com/advisories/r-i386-local-buffer-overflow-seh

Scores

CVSS v3 8.4

EPSS 0.0016

EPSS Percentile 5.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (1)

R-Project/R i386 3.5.0

Published Apr 05, 2026

Tracked Since Apr 06, 2026