CVE-2020-37031

Name of the Vulnerable Software and Affected Versions Simple Startup Manager version 1.17

Description Simple Startup Manager version 1.17 contains a local buffer overflow that allows attackers to execute arbitrary code. The issue occurs due to overwriting memory through the 'File' input parameter. An attacker can craft a malicious payload of 268 bytes to trigger code execution, bypassing Data Execution Prevention (DEP) and overwriting memory addresses. In a reported instance, attackers launched calc.exe. The 'File' input parameter is a component used to process file-related operations within the application.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.