CVE-2019-25628
🟠 Patch this week
A buffer overflow in Download Accelerator Plus allows remote code execution.
CVSS
9.8
EPSS
0.2%
Exploit
none
Vendor
Source description (NVD)
Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attackers can create specially crafted URLs with overflowing buffer data that overwrites SEH pointers and executes embedded shellcode when imported through the application's web page import functionality.
buffer-overflow
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploitation probability) | 0.2% |
| Published (NVD) | 2026-03-24 12:16:02 UTC |
| Last modified (NVD) | 2026-03-24 15:53:48 UTC |
References
- http://www.speedbit.com/dap/ (disclosure@vulncheck.com)
- http://www.speedbit.com/dap/download/downloading.asp (disclosure@vulncheck.com)
- https://www.exploit-db.com/exploits/46673 (disclosure@vulncheck.com)
- https://www.vulncheck.com/advisories/download-accelerator-plus-dap-seh-buffer-overflow (disclosure@vulncheck.com)