CVE-2019-25626

River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows local attackers to execute arbitrary code by supplying a malicious activation code string. Attackers can craft a buffer containing 608 bytes of junk data followed by shellcode and SEH chain overwrite values to trigger code execution when the activation dialog processes the input.

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.flexhex.com	Not Applicable
https://en.softonic.com/download/river-past-cam-do/windows/post-download?sl=1	Product
https://www.exploit-db.com/exploits/46670	Exploit VDB Entry
https://www.vulncheck.com/advisories/river-past-cam-do-local-buffer-overflow-in-activation-code	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:river_past_cam_do_project:river_past_cam_do:*:*:*:*:*:*:*:*

History

27 Apr 2026, 13:35

Type	Values Removed	Values Added
CPE		cpe:2.3:a:river_past_cam_do_project:river_past_cam_do::::::::
First Time		River Past Cam Do Project River Past Cam Do Project river Past Cam Do
Summary		(es) River Past Cam Do 3.7.6 contiene una vulnerabilidad local de desbordamiento de búfer en el campo de entrada del código de activación que permite a atacantes locales ejecutar código arbitrario al proporcionar una cadena de código de activación maliciosa. Los atacantes pueden crear un búfer que contenga 608 bytes de datos basura seguidos de shellcode y valores de sobrescritura de la cadena SEH para desencadenar la ejecución de código cuando el diálogo de activación procesa la entrada.
References	~~() http://www.flexhex.com -~~	() http://www.flexhex.com - Not Applicable
References	~~() https://en.softonic.com/download/river-past-cam-do/windows/post-download?sl=1 -~~	() https://en.softonic.com/download/river-past-cam-do/windows/post-download?sl=1 - Product
References	~~() https://www.exploit-db.com/exploits/46670 -~~	() https://www.exploit-db.com/exploits/46670 - Exploit, VDB Entry
References	~~() https://www.vulncheck.com/advisories/river-past-cam-do-local-buffer-overflow-in-activation-code -~~	() https://www.vulncheck.com/advisories/river-past-cam-do-local-buffer-overflow-in-activation-code - Third Party Advisory

24 Mar 2026, 12:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-24 12:16

Updated : 2026-04-27 13:35

NVD link : CVE-2019-25626

Mitre link : CVE-2019-25626

CVE.ORG link : CVE-2019-25626

JSON object : View

Products Affected

river_past_cam_do_project

river_past_cam_do

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

8.4 /10