CVE-2020-37140
Unknown Unknown - Not Provided
Denial of Service in AIDA64 File Open Functionality

Publication date: 2026-02-05

Last updated on: 2026-03-27

Assigner: VulnCheck

Description
Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. Attackers can generate a 450-byte buffer of repeated characters and paste it into the file open dialog to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-05
Last Modified
2026-03-27
Generated
2026-06-16
AI Q&A
2026-02-05
EPSS Evaluated
2026-06-15
NVD
CVE-2020-37140
EUVD
EUVD-2020-31030
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
aida64 aida64 5.50.2100
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2020-37140 is a local denial of service (DoS) vulnerability in Everest (later known as AIDA64) version 5.50.2100 and earlier. The vulnerability arises from improper handling of input in the file open dialog of the application.'}, {'type': 'paragraph', 'content': 'An attacker can create a 450-byte buffer filled with repeated characters and paste it into the file open dialog, which causes the application to crash. This crash is triggered because the application does not properly handle this specially crafted input.'}, {'type': 'paragraph', 'content': "The exploit involves copying a buffer of 450 'A' characters into the clipboard and pasting it into the 'Open File' field during the report assistant workflow, leading to an application crash."}] [1, 2]

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition locally on the affected Everest (AIDA64) version 5.50.2100. Specifically, create a buffer of 450 repeated characters and paste it into the file open dialog within the application to see if it crashes.'}, {'type': 'list_item', 'content': 'Create a file named "Everest.txt" containing 450 repeated "A" characters.'}, {'type': 'list_item', 'content': 'Copy the contents of this file to the clipboard.'}, {'type': 'list_item', 'content': 'Open Everest/AIDA64 and navigate to the "Informe" > "Asistente de Informes" section.'}, {'type': 'list_item', 'content': 'Paste the buffer into the "Abrir Archivo" (Open File) dialog.'}, {'type': 'list_item', 'content': 'Proceed to the next step and observe if the application crashes, indicating the presence of the vulnerability.'}] [1, 2]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of the file open dialog in the affected Everest/AIDA64 version 5.50.2100 with untrusted or crafted input buffers.

Since the vulnerability requires local access and user interaction, restrict local access to trusted users only and educate users not to paste large repeated character buffers into the file open dialog.

Additionally, monitor for updates or patches from the vendor (FinalWire) and apply them once available to fully remediate the issue.

Impact Analysis

This vulnerability can cause the Everest/AIDA64 application to crash when a specially crafted input is pasted into the file open dialog. This results in a denial of service condition, where legitimate users are unable to use the application until it is restarted.

Since the vulnerability requires local access and user interaction (pasting the buffer), it primarily impacts availability of the application on the affected system.

Compliance Impact

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37140. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart