CVE-2019-25627

Published: Mar 24, 2026 Last Modified: Mar 24, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,6

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

HIGH 8,4

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow. Attackers can craft a malicious text file with carefully aligned shellcode and SEH chain pointers, paste the contents into the Stream Name dialog, and execute arbitrary commands like calc.exe when the exception handler is triggered.

434

Unrestricted Upload of File with Dangerous Type

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands

Applicable Platforms

Languages: ASP.NET, Not Language-Specific, PHP

Technologies: Web Server

Likelihood of Exploit: Medium

View CWE Details

https://www.exploit-db.com/exploits/46665

https://www.exploit-db.com/exploits/46665

https://www.vulncheck.com/advisories/flexhex-local-buffer-o…

https://www.vulncheck.com/advisories/flexhex-local-buffer-overflow-via-seh-unic…

http://www.flexhex.com

http://www.flexhex.com

http://www.flexhex.com/download/flexhex_setup.exe

http://www.flexhex.com/download/flexhex_setup.exe