CVE-2019-25327
Prime95 · Prime95
Prime95 version 29.8 build 6 contains a buffer overflow in the user ID and proxy host fields, allowing remote attackers to execute arbitrary code and establish a bind shell.
Executive summary
A critical buffer overflow in Prime95 allows attackers to execute arbitrary code and gain remote access to systems by exploiting the user ID input fields.
Vulnerability
This stack-based buffer overflow is triggered when a malicious payload is pasted into the PrimeNet user ID or proxy host fields. Successful exploitation allows an attacker to execute arbitrary code and open a bind shell on port 3110.
Business impact
A CVSS score of 9.8 indicates a critical risk. If Prime95 is used on corporate systems (e.g., for stress testing), an attacker could gain a persistent foothold on the network, enabling further exploitation, data theft, and potential ransomware deployment.
Remediation
Immediate Action: Update Prime95 to the latest version, or uninstall version 29.8 build 6.
Proactive Monitoring: Monitor network traffic for unauthorized connections on port 3110 and scan endpoints for the presence of vulnerable Prime95 installations.
Compensating Controls: Use host-based intrusion prevention systems (HIPS) to detect and block buffer overflow attempts and restrict the use of stress-testing software to isolated, non-production environments.
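The port check from the Proactive Monitoring step can be scripted. The following is an added example, not part of the original advisory or of any vendor tooling: it parses Windows `netstat -ano` output and reports TCP sockets that listen on, or are connected through, port 3110. The function names and the sample output are constructed for illustration.

```python
"""Flag TCP sockets on port 3110 in Windows `netstat -ano` output."""

BIND_SHELL_PORT = 3110  # bind-shell port named in the advisory

# Constructed sample output, not captured from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:3110           0.0.0.0:0              LISTENING       5128
  TCP    10.0.0.15:3110         10.0.0.77:49822        ESTABLISHED     5128
  TCP    10.0.0.15:49731        10.0.0.20:443          ESTABLISHED     3110
  TCP    [::]:3110              [::]:0                 LISTENING       5128
  UDP    0.0.0.0:3110           *:*                                    1220
"""


def port_of(endpoint):
    """Return the port of 'addr:port' or '[v6]:port', or None if not numeric."""
    port = endpoint.rpartition(":")[2]
    return int(port) if port.isdigit() else None


def find_port_hits(netstat_text, port=BIND_SHELL_PORT):
    """Return one dict per TCP socket that listens on, or talks to, `port`."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly 5 columns; headers and UDP rows do not.
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _, local, remote, state, pid = fields
        if port_of(local) == port:
            kind = "listener" if state == "LISTENING" else "inbound"
        elif port_of(remote) == port:
            kind = "outbound"
        else:
            continue  # the PID column is never compared to the port
        hits.append({"kind": kind, "local": local, "remote": remote,
                     "state": state, "pid": int(pid)})
    return hits


if __name__ == "__main__":
    for hit in find_port_hits(SAMPLE_NETSTAT):
        print(hit)
```

A hit is a lead rather than a verdict: resolve the reported PID to its process (for example with `tasklist /FI "PID eq <pid>"`) and confirm whether it belongs to a Prime95 installation before escalating.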
Exploitation status
Public Exploit Available: false
Analyst recommendation
Organizations should strictly control the use of third-party utility software like Prime95. Ensure that all such tools are kept up to date and are only utilized by authorized personnel within controlled environments to minimize the risk of remote code execution.