CVE-2020-37126
CRITICAL
Stack-based Buffer Overflow (CWE-121)
2026-02-05
disclosure@vulncheck.com
9.8
CVSS 3.1
Share
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Lifecycle Timeline
3
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
PoC Detected
Feb 05, 2026 - 20:47 vuln.today
Public exploit code
CVE Published
Feb 05, 2026 - 17:16 nvd
CRITICAL 9.8
DescriptionNVD
Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler (SEH) registers. Attackers can exploit the vulnerability by crafting a malicious Unicode input that triggers an access violation and potentially execute arbitrary code.
AnalysisAI
Stack overflow in Free Desktop Clock 3.0 triggered by crafted Time Zones display name input allows attackers to execute arbitrary code. PoC available.
Technical ContextAI
CWE-121 stack overflow in time zone display name processing. Oversized input overwrites return addresses on the stack.
Affected ProductsAI
Free Desktop Clock 3.0
RemediationAI
Update to a patched version. Validate input length for timezone display names.
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).