CVE-2020-37074

High · Public PoC

Published: 03 February 2026

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v4: 8.4 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0034 (25.4th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2020-37074 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Lizardsystems (inferred from references). Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks at the 25.4th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2020-37074 is a buffer overflow vulnerability (CWE-120) in Remote Desktop Audit version 2.3.0.157. The issue resides in the Add Computers Wizard file import process, where attackers can supply a crafted malicious payload file to trigger a structured exception handler (SEH) bypass and execute shellcode when importing computer lists. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting critical severity due to its potential for high-impact remote exploitation.

Remote attackers without privileges can exploit this vulnerability by delivering a malicious file for import into the software. Successful exploitation allows arbitrary code execution on the affected system, granting attackers full control including high confidentiality, integrity, and availability impacts.

Advisories from VulnCheck detail the buffer overflow and SEH bypass mechanics, while Exploit-DB hosts a public proof-of-concept exploit (ID 48465). The vendor site at Lizard Systems provides information on Remote Desktop Audit, though specific patch details are not outlined in the provided references.

EU & UK References

Vulnerability details

Remote Desktop Audit 2.3.0.157 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code during the Add Computers Wizard file import process. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) bypass and execute shellcode when importing computer lists.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Buffer overflow in file import directly enables arbitrary code execution via a crafted malicious file supplied to the victim application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-7454 (Shared CWE-120)
CVE-2020-37029 (Shared CWE-120)
CVE-2025-27835 (Shared CWE-120)
CVE-2025-27830 (Shared CWE-120)
CVE-2025-27834 (Shared CWE-120)
CVE-2018-25304 (Shared CWE-120)
CVE-2026-6384 (Shared CWE-120)
CVE-2026-7452 (Shared CWE-120)
CVE-2018-25299 (Shared CWE-120)
CVE-2020-37212 (Shared CWE-120)

Affected Assets

Lizardsystems
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation requires timely patching of the buffer overflow vulnerability in the file import process to eliminate the risk of arbitrary code execution.

prevent

Information input validation enforces checks on imported files during the Add Computers Wizard to prevent buffer overflows from malicious payloads.

prevent

Memory protection mechanisms like ASLR and DEP mitigate SEH bypass and shellcode execution even if the buffer overflow occurs.
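
The input validation control above can be approximated outside the product by screening a computer list before it is handed to the Add Computers Wizard. The following is an added example, not code from the vendor or from the referenced advisories; it assumes the list is a plain-text file with one hostname or IP address per line, and the names `check_entry`, `validate_list` and the 253-byte limit are choices made for this illustration.

```python
import ipaddress
import re

# Assumption: one computer name or IP address per line in the import file.
MAX_ENTRY_BYTES = 253  # longest valid DNS name, used here as the per-entry bound
LABEL = re.compile(r"^(?!-)[A-Za-z0-9_-]{1,63}(?<!-)$")

def check_entry(raw: bytes):
    """Return None if the entry is acceptable, otherwise a reason string."""
    if len(raw) > MAX_ENTRY_BYTES:
        return f"too long ({len(raw)} bytes)"
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return "non-ASCII bytes"
    try:
        ipaddress.ip_address(text)
        return None
    except ValueError:
        pass  # not an IP address, fall through to the hostname check
    if all(LABEL.match(label) for label in text.split(".")):
        return None
    return "not a hostname or IP address"

def validate_list(data: bytes):
    """Return (accepted, rejected); rejected holds (line_number, reason)."""
    accepted, rejected = [], []
    for line_no, raw in enumerate(data.splitlines(), start=1):
        raw = raw.strip()
        if not raw:
            continue
        reason = check_entry(raw)
        if reason is None:
            accepted.append(raw.decode("ascii"))
        else:
            rejected.append((line_no, reason))
    return accepted, rejected

# Constructed sample: three ordinary entries, one oversized line, one binary line.
SAMPLE = (b"ws-001\r\n10.0.4.17\r\nfileserver.corp.example\r\n"
          + b"A" * 5000 + b"\r\nbad\xff\xfename\r\n")

if __name__ == "__main__":
    ok, bad = validate_list(SAMPLE)
    print("accepted:", ok)
    for line_no, reason in bad:
        print(f"line {line_no} rejected: {reason}")
```

A list with any rejected line should be quarantined for review rather than imported with the bad lines stripped, since an oversized or binary entry in what should be a list of hostnames is itself a signal worth investigating.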

References