Threat Feed advisory (severity: high)

AIDA64 Business SEH Buffer Overflow Vulnerability (CVE-2019-25631)

AIDA64 Business 5.99.4900 is vulnerable to a local Structured Exception Handling (SEH) buffer overflow (CVE-2019-25631) allowing attackers to execute arbitrary code by overwriting SEH pointers with malicious shellcode.

AIDA64 Business version 5.99.4900 is vulnerable to a structured exception handling (SEH) buffer overflow (CVE-2019-25631). A local attacker can exploit this vulnerability to execute arbitrary code with application privileges. The vulnerability stems from insufficient bounds checking when processing the SMTP display name field in the preferences or report wizard functionality. An attacker can inject malicious shellcode, specifically egg hunter shellcode, into this field to overwrite SEH…

Detection coverage 2

AIDA64 Suspicious Child Process (severity: high)

Detects suspicious child processes spawned by AIDA64 that could indicate exploitation.

Sigma rule. Tactics: execution. Techniques: T1059.001, T1218.011. Log sources: process_creation, windows.

Detect AIDA64 Making Network Connections (severity: medium)

Detects AIDA64 making network connections, which might indicate command and control activity after exploitation.

Sigma rule. Tactics: command_and_control. Techniques: T1071.001. Log sources: network_connection, windows.
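The two detections above are described only by their Sigma metadata. As an added illustration (not the platform's own rules), the following Python evaluator encodes that logic and runs it over constructed Sysmon-style events; it assumes the AIDA64 process image is aida64.exe and keys the child-process rule on the PowerShell (T1059.001) and rundll32 (T1218.011) hosts the rule lists.

```python
"""Toy evaluator for the two AIDA64 Sigma-style detections described above.
Constructed example; assumptions: AIDA64 runs as aida64.exe, and the child rule
matches the PowerShell (T1059.001) and rundll32 (T1218.011) techniques it lists."""
from typing import Dict, List, Tuple

AIDA64_IMAGES = ("\\aida64.exe",)  # assumed binary name; adjust if the deployed path differs
# Child images tied to the listed techniques: T1059.001 (PowerShell), T1218.011 (rundll32)
SUSPICIOUS_CHILDREN = ("\\powershell.exe", "\\pwsh.exe", "\\rundll32.exe")


def _endswith_any(value: str, suffixes) -> bool:
    # Sigma 'endswith' modifier, compared case-insensitively like Windows paths
    return value.lower().endswith(tuple(s.lower() for s in suffixes))


def rule_suspicious_child(event: Dict[str, str]) -> bool:
    """process_creation/windows: parent is AIDA64 and the child is a script or proxy host."""
    return (_endswith_any(event.get("ParentImage", ""), AIDA64_IMAGES)
            and _endswith_any(event.get("Image", ""), SUSPICIOUS_CHILDREN))


def rule_network_connection(event: Dict[str, str]) -> bool:
    """network_connection/windows: AIDA64 initiating an outbound connection (T1071.001).
    Legitimate SMTP report mailing and update checks also match; tune by destination."""
    return (_endswith_any(event.get("Image", ""), AIDA64_IMAGES)
            and str(event.get("Initiated", "")).lower() == "true")


RULES = {  # title -> (matcher, severity), mirroring the two cards above
    "AIDA64 Suspicious Child Process": (rule_suspicious_child, "high"),
    "Detect AIDA64 Making Network Connections": (rule_network_connection, "medium"),
}


def evaluate(events: List[Dict[str, str]]) -> List[Tuple[str, str, int]]:
    """Return (rule title, severity, event index) for every event matching a rule."""
    return [(title, level, idx)
            for idx, ev in enumerate(events)
            for title, (rule, level) in RULES.items() if rule(ev)]


# Constructed sample events (Sysmon-style field names), not real telemetry
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\AIDA64\aida64.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Program Files\AIDA64\aida64.exe"},
    {"Image": r"C:\Program Files\AIDA64\aida64.exe", "Initiated": "true",
     "DestinationIp": "203.0.113.10", "DestinationPort": "443"},
]

if __name__ == "__main__":
    for title, level, idx in evaluate(SAMPLE_EVENTS):
        print(f"[{level}] {title}: event #{idx}")
```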
