CVE-2019-25589
Received Received - Intake
Buffer Overflow in ZOC Terminal Shell Field Causes Crash

Publication date: 2026-03-22

Last updated on: 2026-04-15

Assigner: VulnCheck

Description
ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a crash when accessing the Command Shell feature.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-22
Last Modified
2026-04-15
Generated
2026-06-16
AI Q&A
2026-03-22
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25589
EUVD
EUVD-2019-19920
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
emtec zoc 7.23.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25589 is a buffer overflow vulnerability in ZOC Terminal version 7.23.4. It occurs in the Shell field of the Program Settings, where supplying an excessively long string causes an out-of-bounds write. This flaw allows local attackers to crash the application by pasting a specially crafted payload into the Shell configuration field and then triggering the crash when accessing the Command Shell feature.

Impact Analysis

This vulnerability can cause a denial of service (DoS) by crashing the ZOC Terminal application. An attacker with local access can exploit this by pasting a crafted payload into the Shell configuration field, causing the application to crash when the Command Shell feature is accessed. This disrupts availability but does not affect confidentiality or integrity.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by attempting to reproduce the crash condition in the ZOC Terminal application. Specifically, a proof-of-concept payload consisting of 270 'A' characters can be generated and pasted into the Shell configuration field under Options > Program Settings... > Special Files."}, {'type': 'paragraph', 'content': 'The process involves creating a file with the payload, copying it to the clipboard, and then pasting it into the Shell field. When the Command Shell feature is accessed afterward, the application will crash if vulnerable.'}, {'type': 'list_item', 'content': "Generate the payload using a script or command that outputs 270 'A' characters (e.g., in Python: print('\\x41' * 270))."}, {'type': 'list_item', 'content': 'Copy the payload to the clipboard.'}, {'type': 'list_item', 'content': "Paste the payload into the Shell field in ZOC Terminal's Program Settings."}, {'type': 'list_item', 'content': 'Save the settings and open the Command Shell feature to observe if the application crashes.'}] [1, 2]

Mitigation Strategies

Immediate mitigation involves avoiding the use of excessively long strings in the Shell configuration field of ZOC Terminal to prevent triggering the buffer overflow.

Since the vulnerability requires local access to paste the payload into the Shell field, restricting access to the application settings and limiting user permissions can reduce risk.

Additionally, monitoring for application crashes related to the Command Shell feature can help detect exploitation attempts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25589. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart