CVE-2019-25634
Stack-Based Buffer Overflow in Base64 Decoder 1.1.2 Enables Code Execution
Publication date: 2026-03-24
Last updated on: 2026-03-24
Assigner: VulnCheck
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25634 is a stack-based buffer overflow vulnerability in Base64 Decoder version 1.1.2. It allows local attackers to execute arbitrary code by exploiting a flaw in how the program handles input files.
Attackers craft a malicious input file that overflows a buffer and overwrites the Structured Exception Handler (SEH) chain with the address of a POP-POP-RET gadget. This manipulation enables the execution of an egghunter payload, which searches memory to find and run shellcode, ultimately allowing the attacker to execute arbitrary code on the affected system.
How can this vulnerability impact me?
This vulnerability can have severe impacts as it allows local attackers to execute arbitrary code on the affected system.
- Attackers can gain control over the vulnerable application and potentially the underlying system.
- It can lead to privilege escalation if the vulnerable application runs with elevated privileges.
- Malicious code execution can result in data theft, system compromise, or further attacks such as installing malware or creating backdoors.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying the presence of Base64 Decoder version 1.1.2 on your system and checking for suspicious input files that may trigger the buffer overflow.
One practical approach is to look for the malicious input file named "crash.txt" or similar crafted files that contain the exploit payload designed to overflow the buffer and overwrite the SEH chain.
Since the exploit involves a local buffer overflow triggered by a crafted input file, you can monitor for abnormal crashes or exceptions in the Base64 Decoder application.
Suggested commands include scanning your system for the vulnerable executable and suspicious files:
- On Windows, use: `where b64dec.exe` or `dir /s b64dec.exe` to locate the vulnerable application.
- Search for suspicious input files: `dir /s crash.txt` or use PowerShell to find files with unusual sizes or recent modification dates.
- Monitor application crashes or exceptions related to Base64 Decoder using Event Viewer or Windows Error Reporting logs.
Network detection is limited since this is a local vulnerability, but monitoring for unusual local process behavior or unexpected execution of shellcode payloads may help. [2, 3]
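The three checks above combined into one PowerShell script, as an added example that is not part of the original page or the vendor's tooling. It assumes the names the page gives (`b64dec.exe`, `crash.txt`) and that crashes are recorded by the standard "Application Error" provider (event ID 1000) in the Application log; the `$Roots` and `$Days` parameters are illustrative.

```powershell
# Added example: inventory and crash triage for Base64 Decoder.
# Names taken from the page: b64dec.exe, crash.txt.
# Assumption: crashes are recorded by the "Application Error" provider (event ID 1000).
param(
    [string[]]$Roots = @('C:\'),   # directories to search; adjust per host
    [int]$Days = 30                # how far back to read the Application log
)

function Find-FileByName([string[]]$Paths, [string]$Name) {
    foreach ($p in $Paths) {
        Get-ChildItem -Path $p -Filter $Name -File -Recurse -Force -ErrorAction SilentlyContinue
    }
}

# 1. Every copy of the executable, with version and hash for the inventory.
$copies = Find-FileByName $Roots 'b64dec.exe' | ForEach-Object {
    [pscustomobject]@{
        Path        = $_.FullName
        FileVersion = $_.VersionInfo.FileVersion
        SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
}

# 2. Candidate input files by the name the page mentions.
$inputs = Find-FileByName $Roots 'crash.txt' |
    Select-Object FullName, Length, LastWriteTime

# 3. Recent crash records that name the executable.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddDays(-$Days)
}
$crashes = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*b64dec.exe*' } |
    Select-Object TimeCreated, @{ n = 'FirstLine'; e = { ($_.Message -split "`r?`n")[0] } }

'--- Installed copies ---';      $copies  | Format-List
'--- Files named crash.txt ---'; $inputs  | Format-Table -AutoSize
'--- Crash events ---';          $crashes | Format-Table -AutoSize -Wrap
```

The `FileVersion` field comes from the executable's version resource and may be empty, so confirm version 1.1.2 against installation records before treating a copy as affected or unaffected.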
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Remove or disable Base64 Decoder version 1.1.2 from your system to prevent exploitation.
- Avoid opening or processing untrusted or suspicious input files that could trigger the buffer overflow.
- Apply any available patches or updates from the software vendor if they release a fixed version.
- Restrict local user permissions to limit the ability of attackers to execute the vulnerable application.
- Monitor system logs for unusual activity or crashes related to the Base64 Decoder application.