CVE-2019-25695

HIGH

R 3.4.4 Local Buffer Overflow Windows XP SP3

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25695. PoCs published by Dino Covotsos.

AI-analyzed exploit summary: This exploit demonstrates a local buffer overflow in R 3.4.4 on Windows XP SP3 by overwriting the return address with a JMP ESP instruction from user32.dll, followed by NOP sleds and shellcode to execute calc.exe. The payload is written to a file and requires manual pasting into the 'Language for menus and messages' field in the GUI preferences.

Description

R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the payload is pasted into the Language for menus and messages field.

Exploits (1)

exploitdb WORKING POC
by Dino Covotsos · python · local · windows
https://www.exploit-db.com/exploits/46265

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: R 3.4.4
No auth needed
Prerequisites: Windows XP SP3 ENG x86 · R 3.4.4 installed · manual pasting of payload into GUI preferences
devstral-2 · analyzed Apr 12, 2026

References (3)

Core References (3)
Exploit: ExploitDB-46265
https://www.exploit-db.com/exploits/46265
Product: Official Product Homepage
https://cloud.r-project.org/bin/windows/
Third Party Advisory: VulnCheck Advisory: R 3.4.4 Local Buffer Overflow Windows XP SP3
https://www.vulncheck.com/advisories/r-local-buffer-overflow-windows-xp-sp3

Scores

CVSS v3: 8.4
EPSS: 0.0019
EPSS Percentile: 8.6%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-787
Status: published
Products (1): r-project/R 3.4.4
Published: Apr 12, 2026
Tracked Since: Apr 12, 2026