high advisory

FlexHEX 2.71 Local Buffer Overflow Vulnerability (CVE-2019-25627)

FlexHEX 2.71 is vulnerable to a local buffer overflow in the Stream Name field, allowing local attackers to execute arbitrary code via a structured exception handler (SEH) overflow.

FlexHEX 2.71 is susceptible to a local buffer overflow vulnerability (CVE-2019-25627) found within the Stream Name field. This flaw enables a local attacker to execute arbitrary code by exploiting a structured exception handler (SEH) overflow. The attack involves crafting a malicious text file containing precisely aligned shellcode and SEH chain pointers. By pasting this crafted content into the Stream Name dialog within FlexHEX, the attacker can trigger the SEH overflow and execute commands…

Detection coverage (2)

Detect Calc.exe spawned by FlexHEX

high

Detects the execution of calc.exe as a child process of FlexHEX, which may indicate successful exploitation of CVE-2019-25627.

sigma | tactics: execution, privilege_escalation | techniques: T1059.001 | sources: process_creation, windows

Detect FlexHEX Writing Executables to Temp Directory

medium

Detects FlexHEX writing executable files to the temp directory, which could indicate shellcode being written for execution.

sigma | tactics: defense_evasion | techniques: T1027 | sources: file_event, windows
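The matching logic of the two detections described above, run over constructed events, as an added example that is not the platform's own rules. The image name `flexhex.exe`, the Sysmon-style field names (`Image`, `ParentImage`, `TargetFilename`), the temp-path markers and the extension list are assumptions; the page gives none of them.

```python
import ntpath

# Assumption: the FlexHEX binary is named flexhex.exe (the page gives no image name).
FLEXHEX_IMAGE = "flexhex.exe"
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")  # assumed temp locations
EXEC_EXTS = (".exe", ".dll", ".scr", ".com")                      # assumed extension list

def _base(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path or "").lower()

def match_calc_child(ev):
    """process_creation: calc.exe whose parent process is FlexHEX."""
    return (ev.get("category") == "process_creation"
            and _base(ev.get("ParentImage")) == FLEXHEX_IMAGE
            and _base(ev.get("Image")) == "calc.exe")

def match_temp_executable(ev):
    """file_event: FlexHEX creates an executable file under a temp directory."""
    target = (ev.get("TargetFilename") or "").lower()
    return (ev.get("category") == "file_event"
            and _base(ev.get("Image")) == FLEXHEX_IMAGE
            and any(marker in target for marker in TEMP_MARKERS)
            and target.endswith(EXEC_EXTS))

RULES = (("Detect Calc.exe spawned by FlexHEX", "high", match_calc_child),
         ("Detect FlexHEX Writing Executables to Temp Directory", "medium", match_temp_executable))

def evaluate(events):
    """Return (event index, rule title, level) for every rule that fires."""
    return [(i, title, level)
            for i, ev in enumerate(events)
            for title, level, rule in RULES if rule(ev)]

# Constructed sample events (not real telemetry); all paths are illustrative.
SAMPLE_EVENTS = [
    {"category": "process_creation", "Image": r"C:\Windows\System32\calc.exe",
     "ParentImage": r"C:\Program Files (x86)\FlexHEX\FlexHEX.exe"},
    {"category": "process_creation", "Image": r"C:\Windows\System32\calc.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"category": "file_event", "Image": r"C:\Program Files (x86)\FlexHEX\FlexHEX.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\a1.exe"},
    {"category": "file_event", "Image": r"C:\Program Files (x86)\FlexHEX\FlexHEX.exe",
     "TargetFilename": r"C:\Users\alice\Documents\dump.bin"},
    {"category": "file_event", "Image": r"C:\Program Files (x86)\FlexHEX\FlexHEX.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\edit.tmp"},
]
```

The first rule keys on one specific child process, so in practice it is usually widened to any unexpected child of the editor, since a hex editor rarely needs to spawn other programs.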
