CVE-2017-20225
Received Received - Intake
Stack-Based Buffer Overflow in TiEmu 2.08 Enables Code Execution

Publication date: 2026-03-28

Last updated on: 2026-04-08

Assigner: VulnCheck

Description
TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can trigger the overflow through command-line arguments passed to the application, leveraging ROP gadgets to bypass protections and execute shellcode in the application context.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-28
Last Modified
2026-04-08
Generated
2026-06-16
AI Q&A
2026-03-28
EPSS Evaluated
2026-06-15
NVD
CVE-2017-20225
EUVD
EUVD-2017-18943
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ticalc tiemu to 2.0.8 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2017-20225 is a critical stack-based buffer overflow vulnerability in TiEmu version 2.08 and earlier. It occurs because the application does not properly check the boundaries of user-supplied input passed via command-line arguments.

This flaw allows attackers to perform an out-of-bounds write, overwriting parts of the stack including the Structured Exception Handler (SEH). By crafting a malicious input buffer, attackers can use Return-Oriented Programming (ROP) gadgets to bypass security protections and execute arbitrary shellcode within the context of the TiEmu application.

Successful exploitation can lead to arbitrary code execution, such as launching programs like calc.exe. Failed attempts may cause the application to crash, resulting in a denial-of-service condition.

Impact Analysis

This vulnerability can have severe impacts including allowing an attacker to execute arbitrary code on the system running TiEmu.

  • Execution of malicious code within the TiEmu application context.
  • Potential full compromise of the affected system depending on the privileges of the TiEmu process.
  • Denial-of-service conditions caused by failed exploitation attempts crashing the application.
Detection Guidance

This vulnerability can be detected by checking if the TiEmu application version 2.08 or earlier is present on the system, as the buffer overflow occurs through command-line arguments passed to TiEmu.

Since the exploit involves passing a crafted input buffer to the TiEmu executable (tiemu.exe), detection can involve monitoring for unusual or malformed command-line arguments to TiEmu.

Specific commands to detect the presence of the vulnerable TiEmu executable include:

  • On Windows, use: `where tiemu.exe` or `dir /s tiemu.exe` to locate the executable.
  • Check the version of TiEmu by running: `tiemu.exe --version` or by inspecting file properties.

To detect exploitation attempts, monitor for crashes or denial-of-service conditions related to TiEmu, as failed exploit attempts may cause such behavior.

Mitigation Strategies

Immediate mitigation steps include:

  • Avoid running TiEmu version 2.08 or earlier until a patched version is available.
  • Restrict access to the TiEmu executable to trusted users only.
  • Monitor and block suspicious command-line arguments or inputs to TiEmu that could trigger the buffer overflow.
  • If possible, run TiEmu in a sandboxed or isolated environment to limit the impact of potential exploitation.

Since the vulnerability allows arbitrary code execution via crafted input, applying any available patches or updates from the vendor as soon as they are released is critical.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2017-20225. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart