Faleemi Desktop Software CVE-2019-25691: Buffer Overflow Bypasses DEP

/HIGH
SCW vulnerabilitycvehigh-severitybuffer-overflowcwe-787
Faleemi Desktop Software CVE-2019-25691: Buffer Overflow Bypasses DEP

The National Vulnerability Database (NVD) has detailed a high-severity local buffer overflow (CVE-2019-25691) in Faleemi Desktop Software version 1.8. This vulnerability, impacting the System Setup dialog, allows attackers to effectively bypass Data Execution Prevention (DEP) protections through structured exception handling exploitation.

According to NVD, an attacker can inject a specially crafted payload into the “Save Path for Snapshot and Record file” field. This triggers the buffer overflow, enabling the execution of arbitrary code via Return-Oriented Programming (ROP) chain gadgets. The CVSS score for this flaw is 8.4, classifying it as HIGH severity, with a vector indicating local access, low attack complexity, and no privileges required, leading to high impacts on confidentiality, integrity, and availability. This is a classic CWE-787 (Out-of-bounds Write) scenario, a common pitfall that, even in older software, can lead to complete system compromise if not addressed.

Related ATT&CK Techniques

T1059.001 PowerShell Execution T1055.012 Process Hollowing Privilege Escalation T1190 Exploit Public-Facing Application Initial Access

🛡️ Detection Rules

5 rules · 5 SIEM formats

5 auto-generated detection rules for this incident, mapped to MITRE ATT&CK. Available in Sigma, Splunk SPL, Sentinel KQL, Elastic Lucene, and QRadar AQL.

high T1059.001 Execution

Suspicious PowerShell Execution

Sigma Splunk SPL Sentinel KQL Elastic QRadar AQL

Get this rule in your SIEM's native format — copy, paste, detect. No manual conversion.

5 Sigma rules mapped to the ATT&CK techniques from this breach — pick your SIEM and get a ready-to-paste query.

Get Detection Rules →

Indicators of Compromise

IDTypeIndicator
CVE-2019-25691 Buffer Overflow Faleemi Desktop Software version 1.8
CVE-2019-25691 RCE Local buffer overflow in System Setup dialog via Save Path for Snapshot and Record file field
CVE-2019-25691 Bypass Protection Bypass DEP protections through structured exception handling exploitation

By Shimi's Cyber World Editorial

Related Posts

Critical RCE Flaw Hits NuGet Gallery Backend

CVE-2026-39399 — NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within...

vulnerabilityCVEcriticalhigh-severityremote-code-executioncwe-20cwe-22
/CRITICAL /⚑ 4 IOCs

BoidCMS LFI to RCE: A Critical Template Flaw

CVE-2026-39387 — BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are...

vulnerabilityCVEhigh-severityremote-code-executioncwe-98
/HIGH /⚑ 4 IOCs

Nanobot AI: WebSocket Hijack Puts WhatsApp Sessions at Risk

CVE-2026-35589 — nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability exists in the bridge's WebSocket server...

vulnerabilityCVEhigh-severitycwe-1385
/HIGH /⚑ 5 IOCs