{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/aida64/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2019-25631","buffer-overflow","seh","aida64","windows"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eAIDA64 Business version 5.99.4900 is vulnerable to a structured exception handling (SEH) buffer overflow (CVE-2019-25631). A local attacker can exploit this vulnerability to execute arbitrary code with application privileges. The vulnerability stems from insufficient bounds checking when processing the SMTP display name field in the preferences or report wizard functionality. An attacker can inject malicious shellcode, specifically egg hunter shellcode, into this field to overwrite SEH…\u003c/p\u003e\n","date_modified":"2026-03-24T12:16:03Z","date_published":"2026-03-24T12:16:03Z","id":"/briefs/2026-03-aida64-seh-overflow/","summary":"AIDA64 Business 5.99.4900 is vulnerable to a local Structured Exception Handling (SEH) buffer overflow (CVE-2019-25631) allowing attackers to execute arbitrary code by overwriting SEH pointers with malicious shellcode.","title":"AIDA64 Business SEH Buffer Overflow Vulnerability (CVE-2019-25631)","url":"https://feed.craftedsignal.io/briefs/2026-03-aida64-seh-overflow/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["aida64","buffer-overflow","vulnerability"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eAIDA64 Extreme version 5.99.4900 is susceptible to a structured exception handler (SEH) buffer overflow vulnerability. This flaw enables a local attacker to execute arbitrary code on a targeted system. 
The attack vector involves crafting an over-long, malicious CSV log file path and entering it in AIDA64\u0026rsquo;s Hardware Monitoring logging preferences. When AIDA64 processes the path value, it overflows a fixed-size stack buffer and overwrites the structured exception handler record; an exception raised during processing then transfers control to shellcode the attacker embedded in the same input. This vulnerability poses a significant risk to systems running the affected AIDA64 version, potentially leading to complete system compromise by local users.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker gains local access to a system running AIDA64 Extreme 5.99.4900.\u003c/li\u003e\n\u003cli\u003eThe attacker builds a malicious CSV log file path string that is long enough to overflow the buffer and that carries the shellcode designed to exploit the SEH overflow.\u003c/li\u003e\n\u003cli\u003eThe attacker opens AIDA64 Extreme and navigates to the Hardware Monitoring logging preferences.\u003c/li\u003e\n\u003cli\u003eWithin the logging preferences, the attacker enters the malicious string as the CSV log file path.\u003c/li\u003e\n\u003cli\u003eAIDA64 processes the over-long path value, triggering the buffer overflow.\u003c/li\u003e\n\u003cli\u003eThe overflow overwrites the structured exception handler record.\u003c/li\u003e\n\u003cli\u003eWhen an exception occurs during processing, the overwritten handler pointer redirects execution to the attacker\u0026rsquo;s shellcode.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s shellcode executes arbitrary commands with the privileges of the AIDA64 process, potentially granting full control of the system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a local attacker to execute arbitrary code with the privileges of the AIDA64 process. This could lead to complete system compromise, data theft, or installation of malware. 
While the exploit requires local, interactive access, the severity is rated high: the shellcode inherits whatever privileges the AIDA64 process holds (it does not escalate beyond them, but if AIDA64 was launched elevated for low-level hardware access the result is code execution at that level), and a malicious path is trivially entered through the application\u0026rsquo;s own preferences dialog.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor file access by the AIDA64 process (aida64.exe) for unusual or suspicious paths, especially CSV log files written outside the expected location or with abnormally long names, using the \u003ccode\u003eDetect AIDA64 Suspicious Log File Access\u003c/code\u003e Sigma rule.\u003c/li\u003e\n\u003cli\u003eEnable file access monitoring (for example, file-create auditing) so that the paths accessed by AIDA64 are captured in telemetry.\u003c/li\u003e\n\u003cli\u003eApply appropriate access controls to prevent unauthorized local users from modifying AIDA64\u0026rsquo;s logging preferences, and avoid running AIDA64 with elevated privileges where they are not required.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-24T12:16:02Z","date_published":"2026-03-24T12:16:02Z","id":"/briefs/2026-03-aida64-buffer-overflow/","summary":"AIDA64 Extreme 5.99.4900 is vulnerable to a structured exception handler buffer overflow, allowing local attackers to execute arbitrary code by supplying a malicious CSV log file path through the Hardware Monitoring logging preferences.","title":"AIDA64 Extreme 5.99.4900 Structured Exception Handler Buffer Overflow","url":"https://feed.craftedsignal.io/briefs/2026-03-aida64-buffer-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — Aida64","version":"https://jsonfeed.org/version/1.1"}
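The detection described in the Recommendation section of the AIDA64 Extreme brief, worked through as an added example that is not part of the CraftedSignal feed or the referenced Sigma rule: it applies the brief's "unusual path" check to Sysmon-style FileCreate (Event ID 11) records and adds the checks a practitioner would want for this bug class, namely a path longer than MAX_PATH, non-printable bytes, and long runs of a single byte that look like overflow padding. The flattened `Key: value|Key: value` record format, the `EXPECTED_LOG_DIRS` allow-list, the 64-byte run threshold and the sample events are all assumptions constructed for illustration.

```python
"""Detection logic for the brief's recommendation: flag aida64.exe file activity
whose target path looks unusual. Added example, not CraftedSignal's code or the
referenced Sigma rule. Record format, allow-listed directories, sample events
and thresholds are assumptions made for illustration."""
import re
from dataclasses import dataclass, field

MAX_PATH = 260  # Windows MAX_PATH; a log path longer than this is abnormal for a GUI preference

# Assumed allow-list: directories where an operator would legitimately point AIDA64 logging.
EXPECTED_LOG_DIRS = (
    "c:\\program files (x86)\\finalwire\\aida64 extreme\\",
    "c:\\users\\",
)


@dataclass
class Alert:
    host: str
    path: str
    reasons: list[str] = field(default_factory=list)


def parse_event(line: str) -> dict[str, str]:
    """Parse a flattened 'Key: value|Key: value' record (constructed Sysmon-like format).
    partition() splits at the first colon only, so drive letters in values survive."""
    rec: dict[str, str] = {}
    for part in line.split("|"):
        key, _, value = part.partition(":")
        rec[key.strip()] = value.strip()
    return rec


def assess_path(image: str, target: str) -> list[str]:
    """Return the reasons a file path touched by aida64.exe looks suspicious (empty if none)."""
    if not image.lower().endswith("\\aida64.exe"):
        return []  # only the AIDA64 process is in scope
    reasons: list[str] = []
    low = target.lower()
    if len(target) > MAX_PATH:
        reasons.append(f"path length {len(target)} exceeds MAX_PATH")
    if any(not 0x20 <= ord(ch) <= 0x7E for ch in target):
        reasons.append("non-printable bytes in path")  # raw shellcode or encoded payload bytes
    if re.search(r"(.)\1{63,}", target):
        reasons.append("64+ repeated bytes (overflow padding pattern)")
    if low.endswith(".csv") and not low.startswith(EXPECTED_LOG_DIRS):
        reasons.append("csv log outside expected directories")
    return reasons


def run_detection(lines: list[str]) -> list[Alert]:
    """Apply assess_path to FileCreate (EventID 11) records and collect alerts."""
    alerts: list[Alert] = []
    for line in lines:
        rec = parse_event(line)
        if rec.get("EventID") != "11":
            continue
        reasons = assess_path(rec.get("Image", ""), rec.get("TargetFilename", ""))
        if reasons:
            alerts.append(Alert(rec.get("Computer", "?"), rec.get("TargetFilename", ""), reasons))
    return alerts


AIDA = "C:\\Program Files (x86)\\FinalWire\\AIDA64 Extreme\\aida64.exe"
# Constructed sample telemetry: one benign log, one overflow-style path, one non-AIDA64 process.
SAMPLE_EVENTS = [
    f"EventID: 11|Computer: WS01|Image: {AIDA}|TargetFilename: C:\\Users\\alice\\Documents\\hwmon.csv",
    f"EventID: 11|Computer: WS01|Image: {AIDA}|TargetFilename: C:\\Temp\\{'A' * 600}.csv",
    f"EventID: 11|Computer: WS02|Image: C:\\Windows\\explorer.exe|TargetFilename: C:\\Temp\\{'A' * 600}.csv",
]

if __name__ == "__main__":
    for alert in run_detection(SAMPLE_EVENTS):
        print(alert.host, len(alert.path), alert.reasons)
```

Only the second constructed event fires: it is an aida64.exe write, the path is 612 characters, it consists of a 600-byte run of a single character, and it lands outside the allow-listed directories. The length and repeated-byte checks are the ones that matter for this bug class, since a legitimate logging preference never needs a path anywhere near MAX_PATH; the allow-list check is the lower-fidelity signal and should be tuned to wherever the organisation actually keeps AIDA64 logs.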