CVE-2019-25660

MEDIUM

LanHelper 1.74 Denial of Service via Buffer Overflow

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25660. PoCs published by Rafael Pedrero.

AI-analyzed exploit summary: This Python script generates a 6000-byte buffer of 'A' characters to trigger a local buffer overflow in LanHelper v1.74, causing a denial of service (DoS) when pasted into the application's message form. The provided register dump confirms the crash state with EIP overwritten by 0x41414141.

Description

LanHelper 1.74 contains a local buffer overflow vulnerability that allows attackers to crash the application by sending excessively long input strings. Attackers can exploit the Form Send Message feature by pasting 6000 bytes of data into the Message text field to trigger a denial of service condition.

Exploits (1)

exploitdb WORKING POC
by Rafael Pedrero · python · dos · windows
https://www.exploit-db.com/exploits/46295

Classification: Working PoC 100%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: LanHelper v1.74
No auth needed
Prerequisites: LanHelper v1.74 running on Windows XP SP3 · ability to paste clipboard content into the application
devstral-2 · analyzed Apr 07, 2026

References (3)

Core References
Exploit: ExploitDB-46295
https://www.exploit-db.com/exploits/46295
Product: Official Product Homepage
http://www.hainsoft.com/
Third Party Advisory: VulnCheck Advisory: LanHelper 1.74 Denial of Service via Buffer Overflow
https://www.vulncheck.com/advisories/lanhelper-denial-of-service-via-buffer-overflow

Scores

CVSS v3 6.2
EPSS 0.0023
EPSS Percentile 13.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-787
Status published
Products (2)
hainsoft/lanhelper < 1.74
Hainsoft/LanHelper 1.74
Published Apr 05, 2026
Tracked Since Apr 06, 2026