CVE-2019-25631
SEH Buffer Overflow in AIDA64 Business Allows Code Execution
Publication date: 2026-03-24
Last updated on: 2026-03-27
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aida64 | aida64 | 5.99.4900 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a local structured exception handling (SEH) buffer overflow in AIDA64 Business 5.99.4900. Exploiting it requires interaction with the application GUI: shellcode is placed in the SMTP display name field and is triggered when a report is generated.
Detection therefore focuses on unusual or malformed input in the SMTP display name field (in the AIDA64 Business preferences or the report wizard) and on signs of attempted SEH overwrites, such as the application crashing during report generation.
Because the exploit is local and tied to specific application fields, network-based detection commands are not directly applicable. Instead, monitor application logs and host behavior for abnormal crashes of the application or for unexpected code execution following report generation.
No specific detection commands are provided in the available resources.
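The answer above points at host-side crash monitoring rather than network signatures. The following PowerShell query is an added example written for this page, not a command from the advisory or from the AIDA64 vendor. It assumes the executable is named aida64.exe (an assumption; adjust it to the installed binary) and relies on the standard layout of Windows "Application Error" events (Event ID 1000), whose first properties record the faulting application, the faulting module and the exception code. An SEH overwrite that lands in the wrong place typically shows up as an access violation (exception code 0xc0000005), and a faulting module of "unknown" means execution faulted at an address outside any loaded image, which is worth escalating.

```powershell
# Added example (not part of the original advisory): surface recent crashes of
# the AIDA64 process from the Windows Application event log so that repeated
# access violations or faults outside any loaded module can be investigated.

$ProcessName = 'aida64.exe'          # assumption: adjust to the installed executable name
$Since       = (Get-Date).AddDays(-7)

$crashes = Get-WinEvent -FilterHashtable @{
        LogName   = 'Application'
        Id        = 1000             # Application Error (Windows Error Reporting)
        StartTime = $Since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties.Count -ge 7 -and $_.Properties[0].Value -ieq $ProcessName } |
    ForEach-Object {
        # Event 1000 property layout: 0 = faulting application, 3 = faulting module,
        # 6 = exception code (hex string), 7 = fault offset
        [pscustomobject]@{
            Time           = $_.TimeCreated
            Application    = $_.Properties[0].Value
            FaultingModule = $_.Properties[3].Value
            ExceptionCode  = $_.Properties[6].Value
            FaultOffset    = $_.Properties[7].Value
            Suspicious     = ($_.Properties[6].Value -ieq 'c0000005') -or
                             ($_.Properties[3].Value -ieq 'unknown')
        }
    }

if (-not $crashes) {
    Write-Output "No crashes of $ProcessName recorded since $Since."
} else {
    $crashes | Sort-Object Time -Descending | Format-Table -AutoSize
    $flagged = @($crashes | Where-Object Suspicious)
    Write-Output ("{0} crash(es) total, {1} flagged as access violation or fault outside a loaded module." -f $crashes.Count, $flagged.Count)
}
```

Run it in an elevated PowerShell session on the host where AIDA64 Business is installed; a crash that correlates in time with report generation and is flagged as suspicious is the event worth correlating with the contents of the SMTP display name field in the application's preferences.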
Can you explain this vulnerability to me?
CVE-2019-25631 is a structured exception handling (SEH) buffer overflow vulnerability found in AIDA64 Business version 5.99.4900. It allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious shellcode.
Attackers exploit this vulnerability by injecting egg hunter shellcode through the SMTP display name field in the application's preferences or report wizard functionality. This triggers the buffer overflow and causes the application to execute the injected code with the same privileges as the application.
The exploit involves placing specially crafted shellcode in the display name field and then triggering the overflow during report generation, which redirects execution flow to the attacker's code. [2, 4]
How can this vulnerability impact me?
This vulnerability can have serious impacts as it allows local attackers to execute arbitrary code with the privileges of the AIDA64 Business application.
Successful exploitation can compromise the confidentiality, integrity, and availability of the affected system.
- Attackers can run malicious code locally, potentially leading to unauthorized access or control over the system.
- The exploit requires low attack complexity and no user interaction, increasing the risk of exploitation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation is to update AIDA64 Business to a version later than 5.99.4900, in which this vulnerability is fixed.
If an update is not immediately available, restrict local access to the affected system to trusted users only, since exploitation requires local interaction with the application.
Until the application is patched, avoid entering untrusted or suspicious data into the SMTP display name field and avoid using the report wizard functionality.
Request a free test license or download the latest stable or beta version from the official AIDA64 downloads page to ensure you are running a version that contains the fix.