CVE-2019-25650
Published: 26 March 2026
Summary
CVE-2019-25650 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Softonic (inferred from references). Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 8.0th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
River Past CamDo version 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability, classified under CWE-787, in the Lame_enc.dll name field. This flaw allows local attackers to execute arbitrary code by supplying a malicious string, with a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Local attackers with access to the system can exploit this vulnerability without privileges by crafting a payload consisting of a 280-byte buffer, an NSEH jump instruction, and an SEH handler address pointing to a pop-pop-ret gadget. Successful exploitation triggers code execution, enabling actions such as establishing a bind shell on TCP port 3110.
Advisories and references, including an Exploit-DB entry (exploit 46335) with a proof-of-concept and a VulnCheck advisory on the River Past CamDo SEH buffer overflow, document the issue but do not specify patches or mitigations in the available details. A Softonic download link for the software is also referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-20039
Vulnerability details
River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll name field. Attackers can craft a payload with a 280-byte buffer, NSEH jump instruction, and SEH handler address pointing to a pop-pop-ret gadget to trigger code execution and establish a bind shell on port 3110.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Local SEH buffer overflow in CamDo enables arbitrary code execution (e.g., bind shell) via malicious input, directly mapping to exploitation for privilege escalation (T1068) and client-side code execution (T1203).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SI-2 requires identification, reporting, and correction of system flaws like this SEH buffer overflow, directly eliminating the vulnerability through patching or removal of vulnerable River Past CamDo software.
SI-16 implements memory protection mechanisms such as DEP and ASLR, which impede exploitation of SEH buffer overflows: DEP blocks execution of injected code, and ASLR makes the addresses of gadgets such as pop-pop-ret unpredictable.
SI-10 enforces validation of information inputs like the malicious string in the Lame_enc.dll name field to prevent buffer overflows by checking length and format.
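For the SI-16 control above, DEP and ASLR are opt-in per module on Windows, so a defender can audit whether an application's executables and bundled DLLs actually set the relevant PE header flags. The following is an added example, not code from this page or from the vendor; the function names and the sample header are constructed for illustration, and nothing here asserts what the CamDo binaries themselves contain.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from the PE optional header (winnt.h).
FLAGS = {
    "HIGH_ENTROPY_VA": 0x0020,  # 64-bit ASLR
    "DYNAMIC_BASE": 0x0040,     # ASLR: image may be relocated at load time
    "NX_COMPAT": 0x0100,        # DEP: image is compatible with non-executable data
    "NO_SEH": 0x0400,           # image uses no structured exception handlers
    "GUARD_CF": 0x4000,         # Control Flow Guard
}

def pe_mitigations(data: bytes) -> dict:
    """Return {flag name: bool} read from a PE image's DllCharacteristics."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)    # e_lfanew
    opt_off = pe_off + 4 + 20                            # signature + COFF header
    if len(data) < opt_off + 72 or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in (0x10B, 0x20B):                      # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 of the optional header in both formats.
    (chars,) = struct.unpack_from("<H", data, opt_off + 70)
    return {name: bool(chars & bit) for name, bit in FLAGS.items()}

def missing_protections(data: bytes) -> list:
    """Names of the DEP/ASLR opt-in flags the image does not set."""
    found = pe_mitigations(data)
    return [n for n in ("DYNAMIC_BASE", "NX_COMPAT") if not found[n]]

def sample_image(dll_characteristics: int) -> bytes:
    """Constructed minimal PE32 header (not a real binary) for demonstration."""
    img = bytearray(0x40 + 4 + 20 + 72)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", img, 0x40 + 24, 0x10B)
    struct.pack_into("<H", img, 0x40 + 24 + 70, dll_characteristics)
    return bytes(img)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:    # paths to the application's .exe and DLL files
        with open(path, "rb") as fh:
            print(path, "missing:", missing_protections(fh.read()) or "none")
```

SafeSEH is recorded in the image's load configuration directory rather than in these flags, so it is not covered by this check.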