CVE-2019-25615
SEH Buffer Overflow in Lavavo CD Ripper Enables Code Execution
Publication date: 2026-03-22
Last updated on: 2026-03-22
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lavavo | cd_ripper | 4.20 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2019-25615 is a local structured exception handling (SEH) buffer overflow vulnerability in Lavavo CD Ripper version 4.20. It occurs when a local attacker supplies a specially crafted malicious string in the License Activation Name field. This crafted input overflows the buffer and overwrites SEH handler addresses, allowing the attacker to execute arbitrary code.'}, {'type': 'paragraph', 'content': "The exploit involves creating a payload with controlled buffer data, NSEH jump instructions, and SEH handler addresses to trigger the overflow. Successful exploitation results in the attacker gaining control of the program's execution flow and establishing a bind shell on port 3110, enabling remote command execution."}] [1, 2]
How can this vulnerability impact me? :
This vulnerability allows a local attacker to execute arbitrary code on the affected system without requiring privileges or user interaction. By exploiting the buffer overflow in the License Activation Name field, an attacker can establish a bind shell on port 3110, providing remote command execution capabilities.
The impact includes full compromise of confidentiality, integrity, and availability of the affected system, as indicated by the high CVSS scores (8.4 in v3.1 and 8.6 in v4.0). This could lead to unauthorized access, data theft, system manipulation, or denial of service.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of Lavavo CD Ripper version 4.20 or earlier installed on the system, and by monitoring for unusual activity related to the License Activation Name field input.
Since the exploit triggers a bind shell on port 3110, you can detect exploitation attempts by monitoring network connections or listening ports for activity on TCP port 3110.
- Use netstat or similar commands to check for listening services on port 3110, for example: netstat -an | findstr 3110
- On Linux or Windows with PowerShell, you can run: netstat -ano | findstr :3110
- Check running processes for LavavoCDRipper.exe to identify if the vulnerable application is active.
- Monitor logs or use intrusion detection systems to detect attempts to input unusually long or malformed strings into the License Activation Name field.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include preventing local attackers from accessing the vulnerable Lavavo CD Ripper 4.20 application or restricting its usage.
Since the vulnerability is triggered by supplying a malicious string in the License Activation Name field, avoid using or entering untrusted license activation data.
- Restrict local user permissions to prevent unauthorized users from running Lavavo CD Ripper.
- Monitor and block inbound and outbound traffic on TCP port 3110 to prevent bind shell connections.
- If possible, uninstall or upgrade Lavavo CD Ripper to a version that is not vulnerable.
- Implement application whitelisting to prevent execution of unauthorized or vulnerable binaries.