Description
Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field to trigger a buffer overflow and execute arbitrary code via ROP chain gadgets.
Published: 2026-04-12
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Code Execution
Action: Patch
AI Analysis

Impact

Faleemi Desktop Software version 1.8 contains a local stack buffer overflow in the System Setup dialog. By injecting a crafted payload into the Save Path for Snapshot and Record file field, an attacker can trigger the overflow and bypass Data Execution Prevention protections via structured exception handling. The vulnerability enables execution of arbitrary code through a return‑oriented programming chain, allowing a local user to run code with the privileges of the application.

Affected Systems

The issue affects the 1.8 release of Faleemi Desktop Software. No specific patch information is included in the advisory, so users must install the latest version released by the vendor to eliminate the flaw.

Risk and Exploitability

The CVSS score of 8.6 indicates high severity. The vulnerability is local, requiring that the attacker has access to the affected machine and can manipulate the System Setup dialog. No EPSS score or KEV listing suggests it has not been widely observed in the wild. If exploited, an attacker could gain complete control of the local system, elevating or maintaining privileges as permitted by the application context.

Generated by OpenCVE AI on April 12, 2026 at 13:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest update for Faleemi Desktop Software released by the vendor.
  • If a patch is not immediately available, limit user access to the System Setup dialog or disable the Save Path for Snapshot and Record file field to reduce the attack surface.
  • Monitor the system for anomalous activity that may indicate exploitation and apply future vendor guidance promptly.

Generated by OpenCVE AI on April 12, 2026 at 13:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Faleemi
Faleemi faleemi Desktop Software
Vendors & Products Faleemi
Faleemi faleemi Desktop Software

Mon, 13 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Sun, 12 Apr 2026 12:45:00 +0000

Type Values Removed Values Added
Description Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field to trigger a buffer overflow and execute arbitrary code via ROP chain gadgets.
Title Faleemi Desktop Software 1.8 Local Buffer Overflow SEH DEP Bypass
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Faleemi Faleemi Desktop Software
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-13T12:11:35.418Z

Reserved: 2026-04-05T15:32:50.569Z

Link: CVE-2019-25691

cve-icon Vulnrichment

Updated: 2026-04-13T12:11:25.806Z

cve-icon NVD

Status : Deferred

Published: 2026-04-12T13:16:32.103

Modified: 2026-04-15T15:00:32.790

Link: CVE-2019-25691

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:56:00Z

Weaknesses