CVE-2019-25628

CRITICAL

Download Accelerator Plus DAP 10.0.6.0 SEH Buffer Overflow

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25628. PoCs published by Peyman Forouzan.

AI-analyzed exploit summary This exploit demonstrates a SEH-based buffer overflow in Download Accelerator Plus (DAP) 10.0.6.0, leveraging a crafted HTTP URL to trigger a structured exception handler overwrite and execute a Unicode-encoded calc.exe payload.

Description

Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attackers can create specially crafted URLs with overflowing buffer data that overwrites SEH pointers and executes embedded shellcode when imported through the application's web page import functionality.

Exploits (1)

exploitdb WORKING POC
by Peyman Forouzan · pythonlocalwindows
https://www.exploit-db.com/exploits/46673

This exploit demonstrates a SEH-based buffer overflow in Download Accelerator Plus (DAP) 10.0.6.0, leveraging a crafted HTTP URL to trigger a structured exception handler overwrite and execute a Unicode-encoded calc.exe payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Download Accelerator Plus (DAP) 10.0.6.0
No auth needed
Prerequisites: User interaction to import a malicious HTML web page
devstral-2 · analyzed Mar 24, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit exploit
ExploitDB-46673
https://www.exploit-db.com/exploits/46673
Product product
Official Product Homepage
http://www.speedbit.com/dap/
Product product
Product Reference
http://www.speedbit.com/dap/download/downloading.asp
Third Party Advisory third-party-advisory
VulnCheck Advisory: Download Accelerator Plus DAP 10.0.6.0 SEH Buffer Overflow
https://www.vulncheck.com/advisories/download-accelerator-plus-dap-seh-buffer-overflow

Scores

CVSS v3 9.8
EPSS 0.0080
EPSS Percentile 51.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-787
Status published
Products (1)
Speedbit/Download Accelerator Plus DAP 10.0.6.0 #
Published Mar 24, 2026
Tracked Since Mar 24, 2026