CVE-2019-25628
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attackers can create specially crafted URLs with overflowing buffer data that overwrites SEH pointers and executes embedded shellcode when imported through the application's web page import functionality.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Speedbit | Download Accelerator Plus DAP | 10.0.6.0 # | affected |
Weaknesses
- CWE-787: Out-of-bounds Write
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
References
- https://www.exploit-db.com/exploits/46673
- http://www.speedbit.com/dap/
- http://www.speedbit.com/dap/download/downloading.asp
- https://www.vulncheck.com/advisories/download-accelerator-plus-dap-seh-buffer-overflow
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.