CVE-2020-37074
Published: 03 February 2026
Summary
CVE-2020-37074 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Lizardsystems (inferred from references). Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 25.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2020-37074 is a buffer overflow vulnerability (CWE-120) in Remote Desktop Audit version 2.3.0.157. The issue resides in the Add Computers Wizard file import process, where attackers can supply a crafted malicious payload file to trigger a structured exception handler (SEH) bypass and execute shellcode when importing computer lists. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting critical severity due to its potential for high-impact remote exploitation.
Remote attackers without privileges can exploit this vulnerability by delivering a malicious file for import into the software. Successful exploitation allows arbitrary code execution on the affected system, granting attackers full control including high confidentiality, integrity, and availability impacts.
Advisories from VulnCheck detail the buffer overflow and SEH bypass mechanics, while Exploit-DB hosts a public proof-of-concept exploit (ID 48465). The vendor site at Lizard Systems provides information on Remote Desktop Audit, though specific patch details are not outlined in the provided references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-31014
Vulnerability details
Remote Desktop Audit 2.3.0.157 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code during the Add Computers Wizard file import process. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) bypass and…
more
execute shellcode when importing computer lists.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in file import directly enables arbitrary code execution via a crafted malicious file supplied to the victim application.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Flaw remediation requires timely patching of the buffer overflow vulnerability in the file import process to eliminate the risk of arbitrary code execution.
Information input validation enforces checks on imported files during the Add Computers Wizard to prevent buffer overflows from malicious payloads.
Memory protection mechanisms like ASLR and DEP mitigate SEH bypass and shellcode execution even if the buffer overflow occurs.