CVE-2020-37120
Buffer Overflow in Rubo DICOM Viewer Enables Remote Code Execution
Publication date: 2026-02-05
Last updated on: 2026-02-05
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rubo_medical_imaging | dicom_viewer | 2.0 |
| rubo_medical_imaging | dicom_viewer | to 2.0 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2020-37120 is a buffer overflow vulnerability in Rubo DICOM Viewer 2.0, specifically in the DICOM server name input field. This flaw allows attackers to overwrite the Structured Exception Handler (SEH), a mechanism used by Windows to handle exceptions. By crafting a malicious text file with a carefully constructed payload, an attacker can overwrite the SEH and trigger remote code execution.
The exploit involves creating a specially designed input buffer that overflows the input field, overwriting SEH with an address that redirects execution flow to attacker-controlled shellcode. This shellcode can execute arbitrary commands on the affected system, demonstrated by a proof-of-concept that runs the Windows calculator application.
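The defensive counterpart to the overflow described above, as an added example that is not Rubo's code or taken from this advisory: a text field copied into a fixed-size stack buffer must have its length checked before the copy. The field limit `SERVER_NAME_MAX`, the printable-ASCII rule, and the names `set_server_name` and `paste_status` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SERVER_NAME_MAX 64 /* assumed limit; the real field size is not on the page */

enum name_status { NAME_OK = 0, NAME_EMPTY, NAME_TOO_LONG, NAME_BAD_CHAR };

struct server_entry { char name[SERVER_NAME_MAX + 1]; };

/* Unsafe pattern (CWE-121), shown only as a comment:
 *     char name[SERVER_NAME_MAX + 1];
 *     strcpy(name, input);   // input length never checked
 * Anything longer than the buffer runs over adjacent stack data. */

/* Hardened form: validate length and content first, copy only on success.
 * On any rejection the existing entry is left untouched. */
enum name_status set_server_name(struct server_entry *e,
                                 const char *input, size_t input_len)
{
    if (input_len == 0)
        return NAME_EMPTY;
    if (input_len > SERVER_NAME_MAX)
        return NAME_TOO_LONG;
    for (size_t i = 0; i < input_len; i++) {
        unsigned char c = (unsigned char)input[i];
        if (c < 0x20 || c > 0x7e)      /* assumed rule: printable ASCII only */
            return NAME_BAD_CHAR;
    }
    memcpy(e->name, input, input_len);
    e->name[input_len] = '\0';
    return NAME_OK;
}

/* Constructed input: simulates pasting n filler bytes into the field. */
enum name_status paste_status(size_t n)
{
    static char pasted[4096];
    struct server_entry e;
    if (n > sizeof pasted)
        n = sizeof pasted;
    memset(pasted, 'A', n);
    return set_server_name(&e, pasted, n);
}

int main(void)
{
    printf("64-byte paste:   %d\n", paste_status(SERVER_NAME_MAX)); /* NAME_OK */
    printf("2000-byte paste: %d\n", paste_status(2000));            /* NAME_TOO_LONG */
    return 0;
}
```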
How can this vulnerability impact me?
This vulnerability can have severe impacts including local privilege escalation and remote code execution on the affected system. An attacker who successfully exploits this flaw can execute arbitrary code with the privileges of the user running the Rubo DICOM Viewer application.
Such arbitrary code execution could lead to unauthorized access, data manipulation, or disruption of the medical imaging software, potentially compromising the confidentiality, integrity, and availability of sensitive medical data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the buffer overflow condition in the DICOM server name input field of Rubo DICOM Viewer 2.0. A crafted malicious text file containing a specially constructed payload can be used to test if the application is vulnerable by observing if the Structured Exception Handler (SEH) is overwritten and arbitrary code execution occurs.
Specifically, the exploit involves creating a file (e.g., overview.txt) with a buffer of 1868 'A' characters followed by shellcode and SEH overwrite sequences, then pasting this buffer into the vulnerable input field. Monitoring application behavior or crashes during this test can indicate the presence of the vulnerability.
There are no direct network detection commands provided, as the attack vector is local (AV:L). Detection would typically involve manual testing or using the provided proof-of-concept exploit script (written in Python) from the exploit database. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the vulnerable input field with untrusted data and restricting access to the Rubo DICOM Viewer 2.0 application to trusted users only, since the attack requires local access and user interaction.
Additionally, monitoring for updates or patches from the vendor and applying them as soon as they become available is critical to fully remediate the vulnerability.
As a temporary workaround, users should refrain from opening or pasting untrusted text files into the DICOM server name input field to prevent exploitation.