CVE-2019-25612

HIGH

Admin Express 1.2.5.485 Local SEH Buffer Overflow via Folder Path

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25612. PoCs published by Connor McGarr.

AI-analyzed exploit summary This exploit demonstrates a local SEH-based buffer overflow in Admin Express v1.2.5.485, leveraging alphanumeric shellcode encoding to bypass bad characters and spawn calc.exe. The payload uses a combination of stack alignment, register manipulation, and encoded shellcode to achieve arbitrary code execution.

Description

Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field. Attackers can trigger the vulnerability through the System Compare feature by pasting a crafted buffer overflow payload into the left-hand side Folder Path field and clicking the scale icon to execute shellcode with application privileges.

Exploits (1)

exploitdb WORKING POC

by Connor McGarr · pythonlocalwindows

https://www.exploit-db.com/exploits/46805

View Code ZIP pw:eip

This exploit demonstrates a local SEH-based buffer overflow in Admin Express v1.2.5.485, leveraging alphanumeric shellcode encoding to bypass bad characters and spawn calc.exe. The payload uses a combination of stack alignment, register manipulation, and encoded shellcode to achieve arbitrary code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Admin Express v1.2.5.485

No auth needed

Prerequisites: Windows XP SP3 EN environment · Admin Express installed · User interaction to paste payload into 'Folder Path' field

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 22, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-46805

https://www.exploit-db.com/exploits/46805

Product product

Official Product Homepage

https://admin-express.en.softonic.com/

Product product

Product Reference

https://admin-express.en.softonic.com/download

Third Party Advisory third-party-advisory

VulnCheck Advisory: Admin Express 1.2.5.485 Local SEH Buffer Overflow via Folder Path

https://www.vulncheck.com/advisories/admin-express-local-seh-buffer-overflow-via-folder-path

Scores

CVSS v3 7.8

EPSS 0.0014

EPSS Percentile 4.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (1)

Admin-Express/Admin-Express 1.2.5.485

Published Mar 22, 2026

Tracked Since Mar 22, 2026