CVE-2020-37120

Rubo Medical Imaging · Rubo DICOM Viewer

A buffer overflow in the Rubo DICOM Viewer server name input field allows attackers to overwrite the Structured Exception Handler (SEH) and execute arbitrary code.

Executive summary

A critical buffer overflow in Rubo DICOM Viewer allows attackers to execute arbitrary code remotely by exploiting an improperly handled input field in the DICOM server configuration.

Vulnerability

The vulnerability exists in the DICOM server name input field. An attacker can provide a specially crafted string—potentially via a malicious configuration file or direct input—that overflows the buffer, overwrites the Structured Exception Handler (SEH), and redirects execution to an attacker-controlled payload.

Business impact

In a medical environment, the compromise of a DICOM viewer can lead to the theft of Protected Health Information (PHI) or the manipulation of medical records. A successful exploit grants the attacker the same privileges as the user running the viewer, often leading to full workstation compromise. The CVSS score of 9.8 highlights the critical nature of this flaw.

Remediation

Immediate Action: Update Rubo DICOM Viewer to the latest version. If the software is no longer supported, migrate to a secure, modern DICOM viewing solution.

Proactive Monitoring: Review system logs for application crashes related to the DICOM viewer and monitor for unauthorized network connections originating from medical imaging workstations.

Compensating Controls: Implement strict application whitelisting and restrict the ability of the viewer to process files from untrusted or external sources.
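The crash-review step under Proactive Monitoring, as an added example that is not part of this advisory: a small Python parser over constructed Windows Application log lines (Event ID 1000, Application Error) that flags imaging workstations with repeated crashes of the viewer process. The executable name and the exported log layout are assumptions, not values from the page.

```python
import re
from collections import Counter

# Assumption: the viewer's binary name is not stated in the advisory.
VIEWER_EXE = "rubodicomviewer.exe"

# Constructed sample of Application log entries exported as text.
# Event ID 1000 is the Windows "Application Error" event; the other line
# is noise that must be ignored.
SAMPLE_LOG = """\
2024-03-01 09:12:44 WS-IMG-01 EventID=1000 Faulting application name: rubodicomviewer.exe, Exception code: 0xc0000005
2024-03-01 09:13:10 WS-IMG-01 EventID=1000 Faulting application name: rubodicomviewer.exe, Exception code: 0xc0000005
2024-03-01 09:13:40 WS-IMG-01 EventID=1000 Faulting application name: rubodicomviewer.exe, Exception code: 0xc0000005
2024-03-01 10:02:03 WS-IMG-02 EventID=1000 Faulting application name: notepad.exe, Exception code: 0xc0000005
2024-03-01 11:45:17 WS-IMG-02 EventID=1000 Faulting application name: rubodicomviewer.exe, Exception code: 0xc0000409
2024-03-01 12:00:00 WS-IMG-03 EventID=7036 The Print Spooler service entered the running state.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<host>\S+) EventID=(?P<eid>\d+) "
    r"(?:Faulting application name: (?P<app>[^,]+), Exception code: (?P<code>0x[0-9a-fA-F]+))?"
)


def parse_crashes(log_text, viewer_exe=VIEWER_EXE):
    """Return (host, timestamp, exception_code) for every Application Error
    (Event ID 1000) whose faulting application is the viewer."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("eid") != "1000" or not m.group("app"):
            continue
        if m.group("app").strip().lower() == viewer_exe:
            hits.append((m.group("host"), m.group("ts"), m.group("code").lower()))
    return hits


def flag_hosts(crashes, threshold=2):
    """Hosts with at least `threshold` viewer crashes, sorted by name.
    Repeated access violations (0xc0000005) or stack-buffer-overrun aborts
    (0xc0000409) are worth triage: a malformed server-name field that
    smashes the stack usually crashes the viewer rather than running cleanly."""
    per_host = Counter(host for host, _, _ in crashes)
    return sorted(h for h, n in per_host.items() if n >= threshold)


if __name__ == "__main__":
    found = parse_crashes(SAMPLE_LOG)
    print(f"{len(found)} viewer crashes; hosts to triage: {flag_hosts(found)}")
```

Feed the same functions an actual `wevtutil` or PowerShell `Get-WinEvent` export once the field layout is adjusted to match it.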

Exploitation status

Public Exploit Available: No

Analyst recommendation

Healthcare organizations must prioritize the security of medical imaging software. We recommend an immediate audit of all workstations running Rubo DICOM Viewer 2.0. Given the sensitivity of medical data, the software should be updated or replaced immediately to prevent remote code execution and potential HIPAA violations.