CVE-2020-37120

9.8 CRITICAL

📋 TL;DR

CVE-2020-37120 is a critical buffer overflow vulnerability in Rubo DICOM Viewer 2.0 that lets an attacker execute arbitrary code by overwriting the Structured Exception Handler (SEH) with a malicious text file. It affects every user of Rubo DICOM Viewer 2.0 who opens untrusted DICOM files, and successful exploitation gives the attacker complete control of the affected system.

💻 Affected Systems

Products:
  • Rubo DICOM Viewer
Versions: 2.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The overflow is in the DICOM server name input field and is triggered when a specially crafted text file is loaded.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with remote code execution, allowing attackers to install malware, steal data, or pivot to other systems.

🟠 Likely Case

Local privilege escalation or remote code execution when processing malicious DICOM files, leading to data theft or ransomware deployment.

🟢 If Mitigated

Limited impact if the application runs with minimal privileges and network access is restricted, though local code execution remains possible.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on Exploit-DB (ID 48351), so this is easy for attackers to weaponize.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: http://www.rubomedical.com/dicom_viewer.html

Restart Required: No

Instructions:

No official patch available. Consider migrating to alternative DICOM viewer software.

🔧 Temporary Workarounds

Restrict DICOM file processing

Platform: Windows

Configure the application to only process DICOM files from trusted sources and implement file validation.

Run with reduced privileges

Platform: Windows

Configure the application to run with limited user privileges to reduce the impact of successful exploitation.

🧯 If You Can't Patch

  • Immediately isolate affected systems from critical networks and sensitive data.
  • Implement application whitelisting to prevent execution of unauthorized code.

🔍 How to Verify

Check if Vulnerable:

Check whether Rubo DICOM Viewer version 2.0 is installed on the system.

Check Version:

Check application properties or installation directory for version information.

Verify Fix Applied:

Verify that Rubo DICOM Viewer 2.0 has been removed or replaced with alternative software.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Rubo DICOM Viewer
  • Multiple failed file parsing attempts
  • Abnormal network connections from the viewer process

Network Indicators:

  • Unexpected outbound connections from systems running Rubo DICOM Viewer
  • Traffic to known exploit hosting domains

SIEM Query:

Process Creation where ParentImage contains "Rubo" AND Image not contains "Rubo"

This matches the "unusual process creation from Rubo DICOM Viewer" indicator above by looking for child processes the viewer spawns; a query keyed on the viewer itself being started from explorer.exe would fire on every normal launch of the application.
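The same indicator as runnable detection logic over process-creation telemetry (added example, not code from the original page). The log lines are constructed Sysmon-style Event ID 1 records written as key="value" pairs, and the list of high-risk child binaries is an assumption to tune per environment.

```python
"""Flag child processes spawned by Rubo DICOM Viewer in process-creation logs.
Added example, not from the page; SAMPLE_LOG is constructed Sysmon-style data."""
import re
from typing import Iterable, Optional

# Shells and script/LOLBin hosts a DICOM viewer should never spawn
# (assumption: extend with whatever the viewer legitimately launches at your site).
HIGH_RISK_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}
VIEWER_MARKER = "rubo"  # same substring the page's SIEM query keys on
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_event(line: str) -> dict:
    """Turn one key="value" log line into a dict (quotes stripped)."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(ev: dict) -> Optional[str]:
    """"high": shell/LOLBin child of the viewer; "medium": any other non-viewer child;
    None: not a viewer child. A normal launch (viewer as Image, explorer.exe as parent) never alerts."""
    if ev.get("EventID") != "1" or VIEWER_MARKER not in ev.get("ParentImage", "").lower():
        return None
    if VIEWER_MARKER in ev.get("Image", "").lower():
        return None  # viewer starting another copy of itself
    return "high" if basename(ev["Image"]) in HIGH_RISK_CHILDREN else "medium"

def detect(lines: Iterable[str]) -> list:
    """List of (severity, child image name, command line) for every alerting event."""
    hits = []
    for ev in map(parse_event, lines):
        sev = classify(ev)
        if sev:
            hits.append((sev, basename(ev["Image"]), ev.get("CommandLine", "")))
    return hits

SAMPLE_LOG = [  # constructed, not real telemetry
    r'EventID=1 Image="C:\Program Files\Rubo\DicomViewer.exe" ParentImage="C:\Windows\explorer.exe" CommandLine="DicomViewer.exe"',
    r'EventID=1 Image="C:\Windows\System32\cmd.exe" ParentImage="C:\Program Files\Rubo\DicomViewer.exe" CommandLine="cmd.exe /c whoami"',
    r'EventID=1 Image="C:\Windows\System32\notepad.exe" ParentImage="C:\Windows\explorer.exe" CommandLine="notepad.exe"',
    r'EventID=3 Image="C:\Program Files\Rubo\DicomViewer.exe" DestinationIp="203.0.113.10" DestinationPort="443"',
    r'EventID=1 Image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ParentImage="C:\Program Files\Rubo\DicomViewer.exe" CommandLine="powershell.exe"',
]

if __name__ == "__main__":
    for sev, child, cmd in detect(SAMPLE_LOG):
        print(f"[{sev}] {child}: {cmd}")
```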
