CVE-2020-37066 – CVE-2020-37066 is a critical buffer overflow vu... (How to Fix)

Q: What is the severity of CVE-2020-37066?

CVE-2020-37066 has a CVSS score of 9.8 (CRITICAL). CVE-2020-37066 is a critical buffer overflow vulnerability in GoldWave audio editing software that allows remote code execution when a malicious file is opened. Attackers can craft Unicode-encoded shellcode in text files to trigger stack-based overflow and execute arbitrary commands. Users of GoldWave 5.70 are affected.

📋 TL;DR

CVE-2020-37066 is a critical buffer overflow vulnerability in GoldWave audio editing software that allows remote code execution when a malicious file is opened. Attackers can craft Unicode-encoded shellcode in text files to trigger stack-based overflow and execute arbitrary commands. Users of GoldWave 5.70 are affected.

💻 Affected Systems

Products:

GoldWave

Versions: 5.70

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in the File Open URL dialog when processing specially crafted input. All installations of GoldWave 5.70 are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control of the victim's machine, enabling data theft, ransomware deployment, or lateral movement within networks.

🟠

Likely Case

Remote code execution leading to malware installation, credential theft, or system disruption when users open malicious files.

🟢

If Mitigated

Limited impact if proper application whitelisting, file integrity monitoring, and user awareness training prevent malicious file execution.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires user interaction to open malicious file. Public exploit code is available on Exploit-DB (ID 48510).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.57 or later

Vendor Advisory: https://www.goldwave.com/

Restart Required: Yes

Instructions:

1. Download latest GoldWave version from official website. 2. Uninstall current version. 3. Install updated version. 4. Restart system.

🔧 Temporary Workarounds

Disable File Open URL feature

windows

Prevent exploitation by disabling or restricting access to the vulnerable File Open URL dialog functionality.

Application control policy

windows

Implement application whitelisting to prevent execution of unauthorized files through GoldWave.

🧯 If You Can't Patch

Implement strict file type restrictions to prevent opening of suspicious text files with GoldWave
Deploy endpoint detection and response (EDR) solutions to monitor for buffer overflow exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check GoldWave version via Help > About menu. If version is 5.70, system is vulnerable.

Check Version:

Not applicable - check via GUI Help > About menu

Verify Fix Applied:

Verify GoldWave version is 6.57 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

Unusual process creation from GoldWave.exe
Memory access violations in application logs
File open attempts with unusual Unicode patterns

Network Indicators:

Outbound connections from GoldWave to unexpected destinations
Download of suspicious text files followed by GoldWave execution

SIEM Query:

Process Creation where Image contains 'goldwave.exe' AND CommandLine contains unusual Unicode patterns OR ParentImage contains suspicious downloader

📊 Metadata

CVE ID: CVE-2020-37066

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: February 3, 2026

Last Updated: February 5, 2026

🤖 AI-assisted analysis, reviewed for accuracy

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-37066, you might also want to check these: