CVE-2019-5619

CRITICAL

aasync 2.2.1.0 - Stack-based Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-5619. Includes Metasploit module exploits/windows/ftp/aasync_list_reply.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in AASync v2.2.1.0 by sending a maliciously crafted response to a LIST command, overwriting a structured exception handler record to achieve remote code execution.

Description

AASync.com AASync version 2.2.1.0 suffers from an instance of CWE-121: Stack-based Buffer Overflow.

Exploits (1)

metasploit WORKING POC GOOD

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/aasync_list_reply.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in AASync v2.2.1.0 by sending a maliciously crafted response to a LIST command, overwriting a structured exception handler record to achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: AASync v2.2.1.0 (Win32)

No auth needed

Prerequisites: Network access to the target FTP client · Target must initiate an FTP connection to the attacker-controlled server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory x_refsource_misc

https://www.rapid7.com/db/modules/exploit/windows/ftp/aasync_list_reply

Scores

CVSS v3 9.8

EPSS 0.0472

EPSS Percentile 90.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-121 CWE-787

Status published

Products (1)

aasync/aasync 2.2.1.0

Published Apr 29, 2020

Tracked Since Feb 18, 2026