CVE-2019-25603

High CVSS: 8.6

TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string. Attackers can craft a payload with a controlled buffer, NSEH jump instruction, and SEH handler address pointing to a ROP gadget, then paste it into the license code field to trigger code execution and establish a bind shell.

Vendor

Product

CWE

CWE-787

Yayın Tarihi

2026-03-22 14:16:27

Güncelleme

2026-03-23 14:31:37

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-787 HIGH 2026

Referanslar

http://www.tuneclone.com/ http://www.tuneclone.com/tuneclone_setup.exe https://www.exploit-db.com/exploits/47012 https://www.vulncheck.com/advisories/tuneclone-structured-exception-handler-buffer-overflow