Description
SysGauge Pro 4.6.12 contains a local buffer overflow vulnerability in the Register function that allows local attackers to overwrite the structured exception handler by supplying a crafted unlock key. Attackers can inject shellcode through the Unlock Key field during registration to execute arbitrary code with application privileges.
Published: 2026-04-29
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

SysGauge Pro version 4.6.12 contains a classic stack‑based buffer overflow in its Register function. The flaw allows an attacker to supply a crafted unlock key that overwrites the structured exception handler and inject shellcode into the application’s memory. Consequently, a local user who can launch the program can execute arbitrary code with the same privileges as the application, effectively gaining control of the host.

Affected Systems

The only affected product listed is SysGauge Pro, specifically version 4.6.12. No other versions or separate products are noted as impacted in the available CNA data.

Risk and Exploitability

The CVSS score of 8.6 indicates a high severity vulnerability. The EPSS score of < 1% indicates a very low probability of exploitation, and the vulnerability is not listed in CISA’s KEV catalog, suggesting that widespread exploitation has not been observed. The attack vector is local, inferred from the requirement that an attacker must run the application and supply a crafted unlock key. An attacker with local privileges can trigger the overflow, overwrite SEH, and run arbitrary code in the context of the application, posing a significant risk for privilege escalation and system compromise.

Generated by OpenCVE AI on May 2, 2026 at 00:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update SysGauge Pro to the latest patched version that fixes the Register function buffer overflow.
  • Change the application's execution privileges so it runs with the least privilege necessary and restrict access to the executable to trusted administrators.
  • If an update cannot be applied immediately, disable or remove the registration feature that processes the unlock key, thereby eliminating the vulnerable code path and preventing the overflow.



Advisories

No advisories yet.

History

Fri, 01 May 2026 17:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Thu, 30 Apr 2026 08:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Sysgauge; Sysgauge sysgauge Pro |
| Vendors & Products | | Sysgauge; Sysgauge sysgauge Pro |

Wed, 29 Apr 2026 20:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | SysGauge Pro 4.6.12 contains a local buffer overflow vulnerability in the Register function that allows local attackers to overwrite the structured exception handler by supplying a crafted unlock key. Attackers can inject shellcode through the Unlock Key field during registration to execute arbitrary code with application privileges. |
| Title | | SysGauge Pro 4.6.12 Local Buffer Overflow SEH |
| Weaknesses | | CWE-120 |
| References | | |
| Metrics | | cvssV3_1: {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0: {'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-01T16:39:07.231Z

Reserved: 2026-04-29T12:12:37.836Z

Link: CVE-2018-25307

Vulnrichment

Updated: 2026-05-01T16:39:02.398Z

NVD

Status: Deferred

Published: 2026-04-29T20:16:26.183

Modified: 2026-04-30T15:44:48.290

Link: CVE-2018-25307

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T00:45:30Z

Weaknesses