Cyber Posture

CVE-2020-37181

CriticalPublic PoC

Published: 11 February 2026

Published
11 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0008 22.9th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-37181 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Torrentrockyou (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, ranked at the 22.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-10 (Software Usage Restrictions) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Mandates timely identification, reporting, and remediation of flaws like the stack overflow in Torrent FLV Converter, including patching if available or removal otherwise.

CM-10 Software Usage Restrictions good match
prevent

Authorizes and restricts software usage to approved applications only, preventing execution of vulnerable third-party software such as Torrent FLV Converter.

SI-16 Memory Protection good match
prevent

Implements memory safeguards like DEP and ASLR that directly mitigate stack overflow exploits involving SEH overwrites on 32-bit Windows systems.

NVD Description

Torrent FLV Converter 1.51 Build 117 contains a stack overflow vulnerability that allows attackers to overwrite Structured Exception Handler (SEH) through a malicious registration code input. Attackers can craft a payload with specific offsets and partial SEH overwrite techniques to…

more

potentially execute arbitrary code on vulnerable Windows 32-bit systems.

Deeper analysisAI

CVE-2020-37181 is a stack overflow vulnerability in Torrent FLV Converter version 1.51 Build 117. The issue arises from a malicious registration code input that enables attackers to overwrite the Structured Exception Handler (SEH) using specific offsets and partial SEH overwrite techniques. It affects vulnerable 32-bit Windows systems and is classified under CWE-121 with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Remote attackers can exploit this vulnerability over the network without requiring user privileges or interaction. By crafting a suitable payload, they can achieve arbitrary code execution on the target system, compromising confidentiality, integrity, and availability to a high degree.

Advisories and references include a proof-of-concept exploit on Exploit-DB (https://www.exploit-db.com/exploits/47938) and a detailed advisory from Vulncheck (https://www.vulncheck.com/advisories/torrent-flv-converter-build-stack-oveflow-seh-partial-overwrite). No vendor patches or specific mitigation steps are detailed in the provided information.

Details

CWE(s)
CWE-121

Affected Products

Torrentrockyou
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-70219Shared CWE-121
CVE-2026-29972Shared CWE-121
CVE-2025-60690Shared CWE-121
CVE-2026-4444Shared CWE-121
CVE-2025-61128Shared CWE-121
CVE-2019-25319Shared CWE-121
CVE-2026-22923Shared CWE-121
CVE-2025-69195Shared CWE-121
CVE-2020-37124Shared CWE-121
CVE-2026-22904Shared CWE-121

References