R 3.4.4 Local Buffer Overflow: Arbitrary Code Execution via GUI

A critical local buffer overflow vulnerability, identified as CVE-2019-25695, has been reported in R version 3.4.4. According to the National Vulnerability Database, this flaw allows attackers to achieve arbitrary code execution by injecting malicious input into the GUI Preferences language field. This isn’t some remote zero-day, but it’s a nasty local exploit that could give an attacker a beachhead if they gain initial access to a system.

The exploit reportedly involves crafting a payload with a 292-byte offset and a JMP ESP instruction. When this payload is pasted into the ‘Language for menus and messages’ field within the R GUI, it can trigger commands like calc.exe — a classic proof-of-concept for code execution. The National Vulnerability Database has assigned this vulnerability a CVSS score of 8.4 (HIGH), underscoring the severity of potential compromise.
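
A menu-language field only ever needs a short locale name, so the defence against this class of bug is to validate the value's shape and length before it reaches any fixed-size buffer. The C below is an added example of that check, not R's source code and not taken from the advisory; `set_language`, `LANG_MAX` and the accepted `ll[_CC][.codeset][@modifier]` grammar are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define LANG_MAX 32   /* assumed cap; real locale names are far shorter */

static int is_lower(int c)   { return islower(c); }
static int is_upper(int c)   { return isupper(c); }
static int is_codeset(int c) { return isalnum(c) || c == '-'; }

/* Consume characters accepted by ok(); return how many were consumed. */
static size_t run(const char *s, size_t len, size_t *i, int (*ok)(int))
{
    size_t n = 0;
    while (*i < len && ok((unsigned char)s[*i])) { (*i)++; n++; }
    return n;
}

/* Return 1 if s[0..len) has the shape ll[l][_CC][.codeset][@modifier]. */
static int lang_is_valid(const char *s, size_t len)
{
    size_t i = 0, n = run(s, len, &i, is_lower);
    if (n < 2 || n > 3) return 0;                /* language code */
    if (i < len && s[i] == '_') {                /* optional territory */
        i++;
        if (run(s, len, &i, is_upper) != 2) return 0;
    }
    while (i < len && (s[i] == '.' || s[i] == '@')) {
        i++;                                     /* optional codeset/modifier */
        if (run(s, len, &i, is_codeset) == 0) return 0;
    }
    return i == len;                             /* no trailing bytes allowed */
}

/* Validate, then bounded copy. Returns 0 on success, -1 if rejected. */
int set_language(char *dst, size_t dstsz, const char *input)
{
    size_t len = 0;
    if (!dst || dstsz == 0) return -1;
    dst[0] = '\0';                               /* defined state on reject */
    if (!input) return -1;
    while (len < LANG_MAX && input[len]) len++;  /* never scan past the cap */
    if (len == LANG_MAX || len >= dstsz || !lang_is_valid(input, len))
        return -1;
    memcpy(dst, input, len);
    dst[len] = '\0';
    return 0;
}
```

Oversized input and input containing non-locale bytes are both rejected before any copy happens, so the destination buffer's size is never the only line of defence.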

Indicators of Compromise

| ID | Type | Indicator |
| --- | --- | --- |
| CVE-2019-25695 | Buffer Overflow | R 3.4.4 |
| CVE-2019-25695 | Code Injection | GUI Preferences language field |
| CVE-2019-25695 | Code Injection | Payload with 292-byte offset and JMP ESP instruction |
