CVE-2019-25485
Buffer Overflow in R 3.4.4 GUI Enables Local Code Execution
Publication date: 2026-03-11
Last updated on: 2026-03-11
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| the_r_foundation | r | 3.4.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in R version 3.4.4 on Windows x64, specifically in the GUI Preferences language menu field. It allows a local attacker to bypass security protections like Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR).
An attacker can inject a specially crafted payload into the Language for menus preference, which triggers a structured exception handler (SEH) chain pivot. This lets the attacker execute arbitrary shellcode with the same privileges as the application.
The exploit involves overwriting the SEH handler to redirect execution flow, constructing a Return-Oriented Programming (ROP) chain to call VirtualProtect() and mark memory as executable, and then running shellcode (for example, launching calc.exe) to demonstrate code execution.
How can this vulnerability impact me? :
This vulnerability can allow a local attacker to execute arbitrary code with the privileges of the R application on a Windows x64 system. Because it bypasses DEP and ASLR, it can lead to local privilege escalation or unauthorized code execution.
An attacker who can access the R GUI can inject malicious payloads to run arbitrary commands or programs, potentially compromising the system or stealing data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability is a local buffer overflow in R 3.4.4 on Windows x64 triggered by pasting a crafted payload into the "Language for menus" GUI preference. Detection involves checking if the R application has been manipulated with such payloads.'}, {'type': 'paragraph', 'content': "Since the exploit is local and involves a crafted input in the GUI preferences, network detection is not applicable. Instead, detection can focus on monitoring the R application's configuration files or registry entries related to the language menu preference for suspicious or unusually long inputs."}, {'type': 'paragraph', 'content': 'No specific commands are provided in the resources, but you can manually inspect or script checks for the "Language for menus" preference in R\'s configuration or GUI settings to detect abnormal or overly long strings that could indicate an exploit attempt.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of R version 3.4.4 on Windows x64 or restricting local access to the application to trusted users only, as the exploit requires local interaction.
Since the vulnerability is triggered by pasting a crafted payload into the Language for menus preference, do not allow untrusted users to modify this setting.
Applying any available patches or upgrading to a later, fixed version of R is recommended once available.
Additionally, monitoring and restricting local privilege escalation attempts and applying standard endpoint protection measures can help mitigate exploitation.