CVE-2019-25733
NetShareWatcher 1.5.8.0 SEH Buffer Overflow via Restrictions Filter
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netsharewatcher | netsharewatcher | 1.5.8.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not include any details on how the vulnerability in NetShareWatcher 1.5.8.0 affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2019-25733 is a structured exception handler (SEH) buffer overflow vulnerability in NetShareWatcher version 1.5.8.0 and earlier. It allows local attackers to execute arbitrary code by supplying malicious input through the Restrictions custom filter field. The attacker crafts a payload that overwrites SEH and NSEH pointers, which triggers code execution when the Find function is invoked.
The exploit involves sending a specially crafted input that overwrites the SEH chain, including a short jump instruction and a return address, enabling execution of attacker-controlled code such as launching arbitrary programs.
How can this vulnerability impact me? :
This vulnerability can allow a local attacker to execute arbitrary code on the affected system with the privileges of the user running NetShareWatcher. This could lead to unauthorized actions such as running malicious software, gaining further access, or disrupting normal operations.
Because the exploit can trigger code execution, it poses a significant security risk including potential denial of service or full compromise of the affected machine.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying if NetShareWatcher version 1.5.8.0 or earlier is installed and in use on the system, as the vulnerability is triggered locally through the Restrictions custom filter field when the Find function is invoked.
Since the exploit involves supplying a malicious payload to the Restrictions custom filter field, detection can involve monitoring or auditing the inputs to this field for suspicious or unusually long strings that could overwrite SEH and NSEH pointers.
There are no specific commands provided in the resources to detect the vulnerability directly on the network or system.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting local user access to NetShareWatcher 1.5.8.0 or earlier versions, as the vulnerability requires local attacker access.
Avoid using or entering untrusted or malformed input in the Restrictions custom filter field, especially inputs that could be crafted to overwrite SEH and NSEH pointers.
If possible, upgrade to a version of NetShareWatcher that has patched this vulnerability or apply any available security updates from the vendor.
Monitor and audit usage of the Find function and inputs to the Restrictions filter to detect any attempts to exploit the vulnerability.