CVE-2019-25629

HIGH

AIDA64 Extreme 5.99.4900 SEH Buffer Overflow via Logging

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25629. PoCs published by Peyman Forouzan.

AI-analyzed exploit summary This exploit demonstrates a SEH-based buffer overflow in AIDA64 Extreme 5.99.4900 by crafting a malicious CSV log file that triggers arbitrary code execution (calc.exe) when loaded via the application's logging feature. The payload includes a Metasploit-generated shellcode and precise SEH/NSEH manipulation for both 32-bit and 64-bit Windows systems.

Description

AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monitoring logging preferences to overflow the buffer and trigger code execution when the application processes the log file path.

Exploits (1)

exploitdb WORKING POC

by Peyman Forouzan · pythonlocalwindows

https://www.exploit-db.com/exploits/46660

View Code ZIP pw:eip

This exploit demonstrates a SEH-based buffer overflow in AIDA64 Extreme 5.99.4900 by crafting a malicious CSV log file that triggers arbitrary code execution (calc.exe) when loaded via the application's logging feature. The payload includes a Metasploit-generated shellcode and precise SEH/NSEH manipulation for both 32-bit and 64-bit Windows systems.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: AIDA64 Extreme 5.99.4900

No auth needed

Prerequisites: User interaction to load the malicious CSV file via the application's logging preferences

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 24, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-46660

https://www.exploit-db.com/exploits/46660

Product product

Official Product Homepage

https://www.aida64.com

Product product

Product Reference

http://download.aida64.com/aida64extreme599.exe

Third Party Advisory third-party-advisory

VulnCheck Advisory: AIDA64 Extreme 5.99.4900 SEH Buffer Overflow via Logging

https://www.vulncheck.com/advisories/aida64-extreme-seh-buffer-overflow-via-logging

Scores

CVSS v3 8.4

EPSS 0.0022

EPSS Percentile 11.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (2)

aida64/aida64 5.99.4900

Aida64/AIDA64 Extreme 5.99.4900 #

Published Mar 24, 2026

Tracked Since Mar 24, 2026