CVE-2019-25357

Name of the Vulnerable Software and Affected Versions Control Center PRO version 6.2.9

Description The software contains a stack-based buffer overflow in the username field of the user creation module. This allows attackers to overwrite the Structured Exception Handler (SEH). By crafting a malicious payload exceeding 664 bytes, attackers can inject shellcode and potentially execute arbitrary code on vulnerable Windows systems. The Structured Exception Handler (SEH) is a component of the Windows operating system that handles exceptions during program execution.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict the length of the username field during user creation to less than 664 bytes.