CVE-2020-37140
Denial of Service in AIDA64 File Open Functionality
Publication date: 2026-02-05
Last updated on: 2026-03-27
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aida64 | aida64 | 5.50.2100 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2020-37140 is a local denial of service (DoS) vulnerability in Everest (later known as AIDA64) version 5.50.2100 and earlier. The vulnerability arises from improper handling of input in the file open dialog of the application.'}, {'type': 'paragraph', 'content': 'An attacker can create a 450-byte buffer filled with repeated characters and paste it into the file open dialog, which causes the application to crash. This crash is triggered because the application does not properly handle this specially crafted input.'}, {'type': 'paragraph', 'content': "The exploit involves copying a buffer of 450 'A' characters into the clipboard and pasting it into the 'Open File' field during the report assistant workflow, leading to an application crash."}] [1, 2]
How can this vulnerability impact me? :
This vulnerability can cause the Everest/AIDA64 application to crash when a specially crafted input is pasted into the file open dialog. This results in a denial of service condition, where legitimate users are unable to use the application until it is restarted.
Since the vulnerability requires local access and user interaction (pasting the buffer), it primarily impacts availability of the application on the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition locally on the affected Everest (AIDA64) version 5.50.2100. Specifically, create a buffer of 450 repeated characters and paste it into the file open dialog within the application to see if it crashes.'}, {'type': 'list_item', 'content': 'Create a file named "Everest.txt" containing 450 repeated "A" characters.'}, {'type': 'list_item', 'content': 'Copy the contents of this file to the clipboard.'}, {'type': 'list_item', 'content': 'Open Everest/AIDA64 and navigate to the "Informe" > "Asistente de Informes" section.'}, {'type': 'list_item', 'content': 'Paste the buffer into the "Abrir Archivo" (Open File) dialog.'}, {'type': 'list_item', 'content': 'Proceed to the next step and observe if the application crashes, indicating the presence of the vulnerability.'}] [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the file open dialog in the affected Everest/AIDA64 version 5.50.2100 with untrusted or crafted input buffers.
Since the vulnerability requires local access and user interaction, restrict local access to trusted users only and educate users not to paste large repeated character buffers into the file open dialog.
Additionally, monitor for updates or patches from the vendor (FinalWire) and apply them once available to fully remediate the issue.