CVE-2019-25631

HIGH

AIDA64 Business 5.99.4900 SEH Buffer Overflow via EggHunter

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25631. PoCs published by Peyman Forouzan.

AI-analyzed exploit summary This exploit demonstrates a SEH buffer overflow vulnerability in AIDA64 Business 5.99.4900 using an EggHunter technique to achieve remote code execution (RCE). The exploit generates shellcode and an EggHunter payload, which are then used to trigger the vulnerability via specific input fields in the application.

Description

AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious shellcode. Attackers can inject egg hunter shellcode through the SMTP display name field in preferences or report wizard functionality to trigger the overflow and execute code with application privileges.

Exploits (1)

exploitdb WORKING POC

by Peyman Forouzan · pythonlocalwindows

https://www.exploit-db.com/exploits/46639

View Code ZIP pw:eip

This exploit demonstrates a SEH buffer overflow vulnerability in AIDA64 Business 5.99.4900 using an EggHunter technique to achieve remote code execution (RCE). The exploit generates shellcode and an EggHunter payload, which are then used to trigger the vulnerability via specific input fields in the application.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: AIDA64 Business 5.99.4900

No auth needed

Prerequisites: AIDA64 Business 5.99.4900 installed on a vulnerable Windows system · Ability to execute the Python script and interact with the application's GUI

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 24, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-46639

https://www.exploit-db.com/exploits/46639

Product product

Official Product Homepage

https://www.aida64.com

Product product

Product Reference

https://www.aida64.com/downloads

Third Party Advisory third-party-advisory

VulnCheck Advisory: AIDA64 Business 5.99.4900 SEH Buffer Overflow via EggHunter

https://www.vulncheck.com/advisories/aida64-business-seh-buffer-overflow-via-egghunter

Scores

CVSS v3 8.4

EPSS 0.0026

EPSS Percentile 16.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (2)

aida64/aida64 5.99.4900

Aida64/AIDA64 Business 5.99.4900 #

Published Mar 24, 2026

Tracked Since Mar 24, 2026