Cyber Resilience

CVE-2020-37036

HighPublic PoC

Published: 30 January 2026

Published
30 January 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0020 10.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2020-37036 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Informer (inferred from references). Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 10.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2020-37036 is a local buffer overflow vulnerability (CWE-120) affecting RM Downloader version 2.50.60, specifically in the 'Load' parameter. This flaw enables attackers to overwrite memory, leading to arbitrary code execution. The vulnerability carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), highlighting its high impact on confidentiality, integrity, and availability in a local attack context.

A local attacker can exploit this vulnerability with low complexity and no privileges required, without needing user interaction. By crafting a malicious payload incorporating an egg hunter technique, the attacker can bypass memory protections and execute arbitrary commands, such as launching calc.exe.

Advisories and related resources, including a VulnCheck advisory at https://www.vulncheck.com/advisories/rm-downloader-load-local-buffer-overflow, an Exploit-DB entry at https://www.exploit-db.com/exploits/48628, and a GitHub repository at https://github.com/x00x00x00x00/RMDownloader_2.50.60, document the issue and proof-of-concept exploit details. The RM Downloader software page is available at https://rm-downloader.software.informer.com/. No specific patches or mitigations are detailed in the provided information.

EU & UK References

Vulnerability details

RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload with an egg hunter technique to bypass memory protections and execute…

more

commands like launching calc.exe.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local buffer overflow enabling arbitrary code execution with no privileges required maps directly to exploitation for privilege escalation or code execution on the local system.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2018-25299Shared CWE-120
CVE-2026-1679Shared CWE-120
CVE-2026-28925Shared CWE-120
CVE-2018-9387Shared CWE-120
CVE-2025-71263Shared CWE-120
CVE-2020-37049Shared CWE-120
CVE-2025-47388Shared CWE-120
CVE-2018-25263Shared CWE-120
CVE-2022-49754Shared CWE-120
CVE-2025-49495Shared CWE-120

Affected Assets

Informer
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and patching of the buffer overflow flaw in RM Downloader to eliminate the vulnerability.

prevent

Implements memory safeguards like DEP and ASLR to protect against arbitrary code execution via buffer overflows, even against egg hunter bypass techniques.

prevent

Restricts user installation of unapproved software like vulnerable RM Downloader, preventing deployment of exploitable applications.

References