CVE-2019-25735
8.4 HIGHAllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception hand...
Published: 2026-06-04 · Last updated: 2026-06-04
Severity and scoring
- CVSS
- 8.4 HIGH
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-120
Description
AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Attackers can craft a malicious URL, paste it into the Open URL dialog, and trigger SEH-based code execution to run arbitrary commands with user privileges.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-30141 — An issue was discovered in bitbank2 AnimatedGIF v2.2.0 (9.8 CRITICAL)
- CVE-2026-11517 — A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107 (8.8 HIGH)
- CVE-2026-11516 — A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107 (5.5 MEDIUM)
- CVE-2019-25741 — Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of sessio... (9.8 CRITICAL)
- CVE-2019-25736 — LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a... (8.4 HIGH)