SysGauge Pro Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A local buffer overflow vulnerability has been identified in SysGauge Pro version 4.6.12. The vulnerability exists in the Register function, where a local attacker can overwrite the structured exception handler (SEH) by providing a crafted unlock key. Exploitation involves injecting shellcode through the Unlock Key field during the registration process; the shellcode then executes with the application's privileges.
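
An overflow of this kind arises when the Unlock Key text is copied into a fixed-size buffer without a length check. The following is an added example, not SysGauge code: `copy_unlock_key`, `register_product`, the 64-character limit and the allowed character set are assumptions made for illustration of how a registration handler can reject an oversized key instead of copying it.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumed limit for illustration; the real key length is not given on the page. */
#define UNLOCK_KEY_MAX 64

enum key_status { KEY_OK = 0, KEY_NULL, KEY_TOO_LONG, KEY_BAD_CHAR };

/* Hypothetical helper: copy an untrusted unlock key into a fixed-size
 * destination only after its length and character set have been checked. */
enum key_status copy_unlock_key(char *dst, size_t dst_size,
                                const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return KEY_NULL;
    dst[0] = '\0';                 /* fail closed: empty output on any error */

    /* Reject rather than truncate, so an oversized field is never
     * partially accepted; leave room for the terminating NUL. */
    if (src_len >= dst_size || src_len > UNLOCK_KEY_MAX)
        return KEY_TOO_LONG;

    /* Assumed key alphabet: ASCII letters, digits and '-'. Raw bytes such
     * as machine code fall outside it and are refused. */
    for (size_t i = 0; i < src_len; i++) {
        unsigned char c = (unsigned char)src[i];
        if (!isalnum(c) && c != '-')
            return KEY_BAD_CHAR;
    }
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return KEY_OK;
}

/* Hypothetical registration handler: key_len is the length reported by the
 * input control, never a value derived from the destination buffer. */
int register_product(const char *customer, const char *key, size_t key_len)
{
    char key_buf[UNLOCK_KEY_MAX + 1];
    (void)customer;                /* name handling omitted in this example */
    if (copy_unlock_key(key_buf, sizeof key_buf, key, key_len) != KEY_OK)
        return -1;                 /* refuse registration, nothing copied */
    /* License verification on key_buf would follow here. */
    return 0;
}
```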

Impact

Exploitation of this vulnerability allows for arbitrary code execution with the privileges of the application.

Reproduction

To reproduce this vulnerability, register a new account in SysGauge Pro 4.6.12. In the Customer Name field, enter a name such as 'falafel'. Then paste the crafted input containing the shellcode into the Unlock Key field and click 'Register'. The shellcode is executed, demonstrating the buffer overflow vulnerability.

Added: Apr 29, 2026, 8:29 PM
Updated: Apr 29, 2026, 8:29 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.0
remediation: 0.0
relevance: 7.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.