Base64 Decoder
Monthly
Local arbitrary code execution in 4mhz Base64 Decoder 1.1.2 occurs when the application processes a maliciously crafted input file, causing a stack-based buffer overflow that overwrites the Structured Exception Handler (SEH) chain. Publicly available exploit code exists (Exploit-DB 46625) demonstrating an SEH overwrite chained with a POP-POP-RET gadget and an egghunter payload to reach attacker-supplied shellcode. Despite CVSS 8.6 and a working PoC, EPSS is only 0.01% (2nd percentile), reflecting the niche Windows utility and local-only attack vector.
Local arbitrary code execution in 4mhz Base64 Decoder 1.1.2 occurs when the application processes a maliciously crafted input file, causing a stack-based buffer overflow that overwrites the Structured Exception Handler (SEH) chain. Publicly available exploit code exists (Exploit-DB 46625) demonstrating an SEH overwrite chained with a POP-POP-RET gadget and an egghunter payload to reach attacker-supplied shellcode. Despite CVSS 8.6 and a working PoC, EPSS is only 0.01% (2nd percentile), reflecting the niche Windows utility and local-only attack vector.