CVE-2020-37031 HIGH

CVE-2020-37031: Simple Startup Manager 1.17 - 'File' Local Buffer Overflow

Vendor Ashkon Software
Product Simple Startup Manager
Weakness CWE-787
Published January 30, 2026
Last update February 3, 2026

CVSS base score

8.6/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Simple Startup Manager 1.17 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory through the 'File' input parameter. Attackers can craft a malicious payload with 268 bytes to trigger code execution, bypassing DEP and overwriting memory addresses to launch calc.exe.

Key dates

02Disclosure timeline

January 30, 2026 CVE published
February 3, 2026 Record updated