high advisory March 24, 2026

X-NetStat Pro 5.63 Local Buffer Overflow Vulnerability

X-NetStat Pro 5.63 contains a local buffer overflow vulnerability (CVE-2019-25637) allowing local attackers to execute arbitrary code by overwriting the EIP register.

X-NetStat Pro version 5.63 is susceptible to a local buffer overflow vulnerability, identified as CVE-2019-25637. This flaw enables a local attacker to execute arbitrary code on a targeted system. The vulnerability stems from a 264-byte buffer overflow that allows overwriting the EIP register. Successful exploitation allows attackers to inject shellcode into memory, leveraging an egg hunter technique to pinpoint and trigger the malicious payload. The vulnerable functionality resides within the…

Detection coverage 2

Detect Suspicious Process Creation from X-NetStat Pro

high

Detects the creation of unusual child processes from X-NetStat Pro, which could indicate exploitation of CVE-2019-25637.

sigma tactics: execution, privilege_escalation techniques: T1059.001 sources: process_creation, windows

Detect X-NetStat Pro Loading Suspicious DLLs

medium

Detects X-NetStat Pro loading DLLs from unusual locations, indicating potential DLL hijacking or exploitation attempts related to CVE-2019-25637

sigma tactics: defense_evasion techniques: T1574.001 sources: image_load, windows

Detection queries are kept inside the platform. Get full rules →