Mersenne Research Prime95
Moderate fix1 remedy
cpe:2.3:a:mersenne:prime95:*:*:*:*:*:*:*
Moderate fix1 remedy
- <= 29.4b8
Prime95 Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
Patched
A local buffer overflow vulnerability has been identified in Prime95 version 29.4b8. This vulnerability allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. The buffer overflow can be triggered by injecting a malicious payload through the optional proxy hostname field in the PrimeNet connection settings, which then executes system commands.
Impact
Exploitation of this vulnerability leads to a stack-based buffer overflow, allowing for arbitrary code execution on the affected system.
Reproduction
To reproduce this vulnerability, open Prime95 version 29.4b8 and navigate to the 'Test' menu. Select 'PrimeNet' and check the 'Connections' option. In the optional proxy hostname field, paste the contents of 'open.txt', which should contain a crafted payload designed to overflow the buffer. Once this is done, the calculator application will open, indicating that the payload was successfully executed.
Remediation
Users are advised to upgrade to Prime95 version 30.19 or later, which is available on the official Prime95 website.
Added: Apr 29, 2026, 8:37 PM
Updated: Apr 29, 2026, 8:37 PM
Vulnerability Rating
Custom Algorithm
spread
4.2impact
7.5exploitability
4.0remediation
7.7relevance
7.0threat
6.4urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.