CVE-2019-25627 HIGH

CVE-2019-25627: FlexHEX 2.71 Local Buffer Overflow via SEH Unicode

Vendor Flexhex
Product FlexHEX
Weakness CWE-434 · Unrestricted file upload
Published March 24, 2026
Last update March 24, 2026

CVSS base score

8.6/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow. Attackers can craft a malicious text file with carefully aligned shellcode and SEH chain pointers, paste the contents into the Stream Name dialog, and execute arbitrary commands like calc.exe when the exception handler is triggered.

Key dates

02Disclosure timeline

March 24, 2026 CVE published
March 24, 2026 Record updated

Related vulnerabilities

04Related CVE