Description
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger an SEH exception handler and execute arbitrary code with application privileges.
Published: 2026-03-22
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Arbitrary Code Execution
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a stack‑based buffer overflow in the Log Directory configuration field of JetCast Server 2.0. By supplying a crafted input, an attacker can overwrite structured exception handling pointers and execute arbitrary alphanumeric shellcode under the application's privileges. This results in local arbitrary code execution with the same rights as the running instance of JetCast Server.

Affected Systems

Jetaudio’s JetCast Server version 2.0 is affected. The CVE references a specific build of the JCS2000.exe binary associated with this version. No other versions are explicitly mentioned.

Risk and Exploitability

The Common Vulnerability Scoring System rates the flaw a score of 8.6, indicating a‑severity local privilege escalation risk. Exploitation requires local access to the machine or to a user account with permissions to modify the server’s configuration. No public exploit databases have listed this vulnerability in the KEV catalog, and there is no EPSS score available, but the high CVSS score suggests that if an attacker can achieve local execution, the impact would be severe. The likely attack vector is through the client interface that allows editing of the Log Directory field, where a specially crafted configuration string triggers the SEH overwrite.

Generated by OpenCVE AI on March 22, 2026 at 14:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and apply any vendor patch or update for JetCast Server
  • Disable or restrict access to the Log Directory configuration field if possible
  • Uninstall JetCast Server if the functionality is no longer needed
  • Implement application whitelisting to prevent unauthorized execution
  • Monitor the system for abnormal crashes or SEH exceptions

Generated by OpenCVE AI on March 22, 2026 at 14:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Sun, 22 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger an SEH exception handler and execute arbitrary code with application privileges.
Title JetAudio jetCast Server 2.0 Local SEH Buffer Overflow
First Time appeared Jetaudio
Jetaudio jetaudio
Weaknesses CWE-787
CPEs cpe:2.3:a:jetaudio:jetaudio:2.0:*:*:*:*:*:*:*
Vendors & Products Jetaudio
Jetaudio jetaudio
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Jetaudio Jetaudio
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-25T13:41:49.021Z

Reserved: 2026-03-22T13:15:27.088Z

Link: CVE-2019-25609

cve-icon Vulnrichment

Updated: 2026-03-25T13:41:43.530Z

cve-icon NVD

Status : Deferred

Published: 2026-03-22T14:16:28.990

Modified: 2026-04-16T16:19:50.757

Link: CVE-2019-25609

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:46:07Z

Weaknesses