Description
TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string. Attackers can craft a payload with a controlled buffer, NSEH jump instruction, and SEH handler address pointing to a ROP gadget, then paste it into the license code field to trigger code execution and establish a bind shell.
Published: 2026-03-22
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Local code execution
Action: Patch
AI Analysis

Impact

A buffer overflow occurs in the SEH processing of the license code field in TuneClone version 2.20. When an attacker supplies a malicious license string that contains a full stack buffer, an NSEH jump instruction and an SEH handler address pointing to a return‑oriented‑programming gadget, the overflow corrupts the exception chain and allows execution of arbitrary code. The vulnerability is limited to the TuneClone process, but the code runs with the same privileges as the user who supplies the license, providing local code execution.

Affected Systems

The flaw affects the TuneClone application. Only the 2.20 build distributed by TuneClone is known to contain the legacy SEH handler code that triggers the overflow. No other versions or additional vendors were identified in the CNA data.

Risk and Exploitability

The CVSS score of 8.6 indicates a high severity risk. No EPSS score is available and the flaw is not listed in the CISA Known Exploited Vulnerabilities catalog. Attackers must have local access to the target machine to supply the crafted license string, meaning the exploitation path requires a user session or some form of remote foothold that enables local input. The existence of publicly available exploits and a known ROP gadget sequence suggests that skilled adversaries can manually construct a payload. Because execution occurs with the caller’s privileges, the vulnerability can be used for local privilege escalation or to run malware within the TuneClone process.

Generated by OpenCVE AI on March 22, 2026 at 15:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify whether a newer version of TuneClone is available and upgrade if possible.
  • If no patch exists, restrict write and execute permissions on the TuneClone binary and its installation directory.
  • Disable or remove the ability for non‑trusted users to enter custom license codes where feasible.
  • Monitor application logs for abnormal license entries or repeated crashes.
  • Implement application whitelisting or antivirus signatures that detect the known exploit payload.

Generated by OpenCVE AI on March 22, 2026 at 15:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Tuneclone
Tuneclone tuneclone
Vendors & Products Tuneclone
Tuneclone tuneclone

Sun, 22 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string. Attackers can craft a payload with a controlled buffer, NSEH jump instruction, and SEH handler address pointing to a ROP gadget, then paste it into the license code field to trigger code execution and establish a bind shell.
Title TuneClone 2.20 Structured Exception Handler Buffer Overflow
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Tuneclone Tuneclone
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-25T13:40:10.077Z

Reserved: 2026-03-22T13:05:10.167Z

Link: CVE-2019-25603

cve-icon Vulnrichment

Updated: 2026-03-25T13:40:04.906Z

cve-icon NVD

Status : Deferred

Published: 2026-03-22T14:16:27.893

Modified: 2026-04-16T16:19:50.757

Link: CVE-2019-25603

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:46:13Z

Weaknesses