CVE-2019-16724

CRITICAL

File Sharing Wizard 1.5.0 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-16724. PoCs published by x00pwn, nanabingies.

AI-analyzed exploit summary This exploit targets a SEH overflow vulnerability in File Sharing Wizard 1.5.0 via a crafted HTTP POST request. It leverages a NOP sled and shellcode to execute arbitrary commands (e.g., calc.exe) on Windows 7.

Description

File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331.

Exploits (2)

exploitdb WORKING POC

by x00pwn · pythonremotewindows

https://www.exploit-db.com/exploits/47412

View Code ZIP pw:eip

This exploit targets a SEH overflow vulnerability in File Sharing Wizard 1.5.0 via a crafted HTTP POST request. It leverages a NOP sled and shellcode to execute arbitrary commands (e.g., calc.exe) on Windows 7.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: File Sharing Wizard 1.5.0

No auth needed

Prerequisites: Network access to the target · File Sharing Wizard service running on port 80

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 2 stars

by nanabingies · poc

https://github.com/nanabingies/CVE-2019-16724

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2019-16724, targeting a SEH-based buffer overflow in File Sharing Wizard 1.5.0 via a crafted HTTP POST request. The exploit includes shellcode for arbitrary code execution and is designed for Windows 7.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: File Sharing Wizard 1.5.0

No auth needed

Prerequisites: Network access to the target system · File Sharing Wizard 1.5.0 running on Windows 7

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/154586/File-Sharing-Wizard-1.5.0-SEH-Buffer-Overflow.html

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/154777/File-Sharing-Wizard-1.5.0-POST-SEH-Overflow.html

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/47412

Scores

CVSS v3 9.8

EPSS 0.7216

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-120

Status published

Products (1)

upredsun/file_sharing_wizard 1.5.0

Published Sep 24, 2019

Tracked Since Feb 18, 2026