CVE-2019-25633

AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email preferences and report wizard interfaces. Attackers can inject crafted payloads into the Display name field and Load from file parameter to trigger the overflow and execute shellcode with application privileges.

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://download.aida64.com/aida64extreme599.exe	Product
https://www.aida64.com	Product
https://www.exploit-db.com/exploits/46636	Exploit Third Party Advisory VDB Entry
https://www.vulncheck.com/advisories/aida64-extreme-seh-buffer-overflow-via-egghunter	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:aida64:aida64:5.99.4900:*:*:*:extreme:*:*:*

History

No history.

Information

Published : 2026-03-24 12:16

Updated : 2026-03-26 16:40

NVD link : CVE-2019-25633

Mitre link : CVE-2019-25633

CVE.ORG link : CVE-2019-25633

JSON object : View

Products Affected

aida64

aida64

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2019-25633", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-24T12:16:03.797", "references": [{"url": "http://download.aida64.com/aida64extreme599.exe", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.aida64.com", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/46636", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/aida64-extreme-seh-buffer-overflow-via-egghunter", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email preferences and report wizard interfaces. Attackers can inject crafted payloads into the Display name field and Load from file parameter to trigger the overflow and execute shellcode with application privileges."}, {"lang": "es", "value": "AIDA64 Extreme 5.99.4900 contiene una vulnerabilidad de desbordamiento de b\u00fafer de manejo estructurado de excepciones que permite a atacantes locales ejecutar c\u00f3digo arbitrario al suministrar entrada maliciosa a trav\u00e9s de las interfaces de preferencias de correo electr\u00f3nico y asistente de informes. Los atacantes pueden inyectar cargas \u00fatiles manipuladas en el campo Display name y el par\u00e1metro Load from file para activar el desbordamiento y ejecutar shellcode con privilegios de aplicaci\u00f3n."}], "lastModified": "2026-03-26T16:40:24.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aida64:aida64:5.99.4900:*:*:*:extreme:*:*:*", "vulnerable": true, "matchCriteriaId": "59100A69-BA3C-4B96-B6E5-168C39A2161B"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}