cbcvebase.
CVE-2017-14627
published 2017-09-23

Priority: P352, high, 7.8 (CVSS 3.0)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 19.19% (97.0th percentile)

Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file.

Affected

1 range
Vendor | Product | Version range | Fixed in
cyberlink | labelprint | |

Detection & IOCs (extracted from sources)

filename: msf.lpp
filename: .lpp
  • The exploit junk character must be specifically one of 'A', 'B', or 'C' — random selection from this static set is a deliberate constraint of the unicode encoding chain, not arbitrary.
  • The Metasploit module sets DisablePayloadHandler to true by default, meaning the attacker must manage their own handler externally — detections relying solely on Metasploit handler traffic may miss this.
  • The SEH overwrite offset is fixed at 790 bytes across all three target OS variants (Win7/8.1/10 x64); padding values differ per target (Padding1: 857/845/781, Padding2: 104/116/180).
  • The exploit uses x86/unicode_mixed encoder with EAX as the buffer register; decoded payload space is up to 15,000 bytes — signatures must account for unicode-encoded shellcode, not raw shellcode.

CVSS provenance

nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P