{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25650", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-26T13:19:46.066Z", "datePublished": "2026-03-26T13:24:20.734Z", "dateUpdated": "2026-03-26T18:52:11.464Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-26T13:24:20.734Z"}, "datePublic": "2019-02-07T00:00:00.000Z", "title": "River Past CamDo 3.7.6 Structured Exception Handler Buffer Overflow", "descriptions": [{"lang": "en", "value": "River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll name field. Attackers can craft a payload with a 280-byte buffer, NSEH jump instruction, and SEH handler address pointing to a pop-pop-ret gadget to trigger code execution and establish a bind shell on port 3110."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "riverpast", "product": "River Past CamDo", "versions": [{"version": "3.7.6", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.6, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46335", "name": "ExploitDB-46335", "tags": ["exploit"]}, {"url": "https://en.softonic.com/download/river-past-cam-do/windows/post-download?sl=1", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: River Past CamDo 3.7.6 Structured Exception Handler Buffer Overflow", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/river-past-camdo-structured-exception-handler-buffer-overflow"}], "credits": [{"lang": "en", "value": "Achilles", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T18:52:04.820770Z", "id": "CVE-2019-25650", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T18:52:11.464Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25650", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-26T18:52:04.820770Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T18:52:08.057Z"}}], "cna": {"title": "River Past CamDo 3.7.6 Structured Exception Handler Buffer Overflow", "credits": [{"lang": "en", "type": "finder", "value": "Achilles"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "riverpast", "product": "River Past CamDo", "versions": [{"status": "affected", "version": "3.7.6"}]}], "datePublic": "2019-02-07T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46335", "name": "ExploitDB-46335", "tags": ["exploit"]}, {"url": "https://en.softonic.com/download/river-past-cam-do/windows/post-download?sl=1", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/river-past-camdo-structured-exception-handler-buffer-overflow", "name": "VulnCheck Advisory: River Past CamDo 3.7.6 Structured Exception Handler Buffer Overflow", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll name field. Attackers can craft a payload with a 280-byte buffer, NSEH jump instruction, and SEH handler address pointing to a pop-pop-ret gadget to trigger code execution and establish a bind shell on port 3110."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-26T13:24:20.734Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25650", "state": "PUBLISHED", "dateUpdated": "2026-03-26T18:52:11.464Z", "dateReserved": "2026-03-26T13:19:46.066Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-26T13:24:20.734Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll name field. Attackers can craft a payload with a 280-byte buffer, NSEH jump instruction, and SEH handler address pointing to a pop-pop-ret gadget to trigger code execution and establish a bind shell on port 3110."}, {"lang": "es", "value": "River Past CamDo 3.7.6 contiene una vulnerabilidad de desbordamiento de b\u00fafer del gestor de excepciones estructurado (SEH) que permite a atacantes locales ejecutar c\u00f3digo arbitrario al proporcionar una cadena maliciosa en el campo de nombre de Lame_enc.dll. Los atacantes pueden crear una carga \u00fatil con un b\u00fafer de 280 bytes, una instrucci\u00f3n de salto NSEH y una direcci\u00f3n del gestor SEH que apunte a un gadget pop-pop-ret para desencadenar la ejecuci\u00f3n de c\u00f3digo y establecer un bind shell en el puerto 3110."}], "id": "CVE-2019-25650", "lastModified": "2026-05-01T15:21:32.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-26T14:16:06.663", "references": [{"source": "disclosure@vulncheck.com", "url": "https://en.softonic.com/download/river-past-cam-do/windows/post-download?sl=1"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/46335"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/river-past-camdo-structured-exception-handler-buffer-overflow"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "3.7.6"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "River Past CamDo", "source": "cna", "vendor": "riverpast"}, "product": "river_past_camdo", "vendor": "riverpast"}], "analysis": {"en": {"generated_at": "2026-03-26T15:03:51.460305+00:00", "value": {"mitigation_remediation": ["Upgrade River Past CamDo to the latest release that fixes the SEH buffer overflow.", "If an update is not possible, restrict file system permissions on the directory containing Lame_enc.dll to prevent local users from altering the filename or executing malicious code.", "Block or monitor port\u00a03110 on the host to prevent unauthorized bind shells from being established."], "summary": {"action": "Patch Immediately", "impact": "Local code execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects River Past CamDo version\u00a03.7.6, distributed for Windows. No other vendors or products are listed. Users running that version should review their installation and ensure no untrusted access to the Lame_enc.dll file.", "description_and_impact": "River Past CamDo 3.7.6 contains a structured exception handler buffer overflow that can be triggered by a local attacker who supplies a malicious string in the Lame_enc.dll name field. By injecting a 280\u2011byte payload containing an NSEH jump and an SEH handler that points to a pop\u2011pop\u2011ret gadget, the attacker can gain arbitrary code execution and create a bind shell listening on port\u00a03110.", "risk_and_exploitability": "The CVSS score is 8.6, indicating high severity. No EPSS data is available and the flaw is not present in the CISA KEV catalog. The attack requires local access and the ability to input a crafted filename, so it is a local privilege escalation flaw that could allow a malicious user on the machine to execute code, compromise data, or establish a remote shell. Given the high CVSS, the risk to an affected system is significant if the local attacker is a potential threat actor."}}}}, "created": "2026-03-27T08:34:20.369884+00:00", "updated": "2026-03-27T09:26:48.792146+00:00", "vendors": ["riverpast", "riverpast$PRODUCT$river_past_camdo"]}