CVE-2020-37036 HIGH

CVE-2020-37036: RM Downloader 2.50.60 2006.06.23 - 'Load' Local Buffer Overflow

Vendor Mini-Stream Software
Product RM Downloader
Weakness CWE-120
Published January 30, 2026
Last update February 2, 2026

CVSS base score

7.1/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload with an egg hunter technique to bypass memory protections and execute commands like launching calc.exe.

Key dates

02Disclosure timeline

January 30, 2026 CVE published
February 2, 2026 Record updated