HNB Organizer Local Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A local buffer overflow vulnerability has been identified in HNB Organizer version 1.9.18-10. This vulnerability allows local attackers to execute arbitrary code by providing an oversized argument to the '-rc' command-line parameter. The exploit involves crafting a malicious input string that exceeds 108 bytes, including shellcode and a return address, to overwrite the stack and achieve code execution.

Impact

Exploitation of this vulnerability leads to a local buffer overflow, allowing for arbitrary code execution on the affected system.

Reproduction

The vulnerability can be reproduced by running the HNB Organizer application with the '-rc' command-line parameter, followed by a crafted input string that is 108 bytes or longer. The input should include shellcode and a return address to exploit the buffer overflow and execute arbitrary code.
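The missing control here is a length check before the '-rc' value is copied into a fixed-size buffer. The following is an added example, not HNB's source code: `parse_rc_option`, `RC_PATH_MAX` and the status codes are hypothetical names, and the 100-byte capacity is an assumption, since the page does not state the real buffer size.

```c
#include <stdio.h>
#include <string.h>

/* Assumed capacity; the page does not state the real buffer size. */
#define RC_PATH_MAX 100

enum rc_status { RC_OK = 0, RC_ABSENT = 1, RC_MISSING_VALUE = -1, RC_TOO_LONG = -2 };

/* Locate "-rc <file>" in argv and copy <file> into dst only when it fits,
 * terminator included. An oversized value is rejected, never truncated,
 * so the caller cannot end up opening a path the user did not supply. */
static enum rc_status parse_rc_option(int argc, char **argv, char *dst, size_t dstsize)
{
    if (dst == NULL || dstsize == 0)
        return RC_TOO_LONG;
    dst[0] = '\0';
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-rc") != 0)
            continue;
        if (i + 1 >= argc)
            return RC_MISSING_VALUE;       /* "-rc" was the last argument */
        size_t len = strlen(argv[i + 1]);
        if (len >= dstsize)
            return RC_TOO_LONG;            /* would not fit with the NUL byte */
        memcpy(dst, argv[i + 1], len + 1); /* length already validated */
        return RC_OK;
    }
    return RC_ABSENT;
}

int main(int argc, char **argv)
{
    char rcfile[RC_PATH_MAX];
    switch (parse_rc_option(argc, argv, rcfile, sizeof rcfile)) {
    case RC_OK:            printf("using rc file: %s\n", rcfile); return 0;
    case RC_ABSENT:        puts("no -rc given, using default");   return 0;
    case RC_MISSING_VALUE: fputs("-rc requires a file name\n", stderr); return 2;
    default:               fputs("-rc argument too long, refusing\n", stderr); return 2;
    }
}
```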

Added: Mar 28, 2026, 12:20 PM
Updated: Mar 28, 2026, 12:20 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.0
remediation: 0.0
relevance: 4.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.