{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2019-25628/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2019-25628","buffer-overflow","seh-overflow"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eDownload Accelerator Plus (DAP) version 10.0.6.0 is susceptible to a critical structured exception handler (SEH) buffer overflow vulnerability, identified as CVE-2019-25628. This vulnerability allows remote attackers to achieve arbitrary code execution by crafting malicious URLs. The attack leverages the application\u0026rsquo;s web page import functionality to introduce the malicious URL. Successful exploitation allows attackers to overwrite SEH pointers, redirecting execution flow to attacker-controlled shellcode. This vulnerability poses a significant risk to users of the affected DAP version, potentially leading to complete system compromise. 
The vulnerability was reported and analyzed by VulnCheck.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious URL containing overflowing buffer data designed to overwrite the SEH pointers.\u003c/li\u003e\n\u003cli\u003eThe victim uses the Download Accelerator Plus 10.0.6.0 application.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers the malicious URL to the victim via social engineering or other means.\u003c/li\u003e\n\u003cli\u003eThe victim imports the malicious URL through the application\u0026rsquo;s web page import functionality.\u003c/li\u003e\n\u003cli\u003eThe application attempts to process the crafted URL, triggering the buffer overflow.\u003c/li\u003e\n\u003cli\u003eThe overflowing buffer overwrites the structured exception handler (SEH) record on the stack.\u003c/li\u003e\n\u003cli\u003eWhen an exception occurs, the application attempts to use the overwritten SEH pointer.\u003c/li\u003e\n\u003cli\u003eControl is transferred to the attacker-controlled shellcode embedded in the malicious URL, leading to arbitrary code execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability (CVE-2019-25628) allows a remote attacker to execute arbitrary code on the victim\u0026rsquo;s system. Given the critical severity score (CVSS v3.1: 9.8), the impact is significant. Affected systems are completely compromised, allowing the attacker to install malware, steal sensitive information, or pivot to other systems on the network. 
The number of potential victims is unknown, but all users of Download Accelerator Plus 10.0.6.0 are at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDiscontinue the use of Download Accelerator Plus (DAP) 10.0.6.0 due to the unpatched SEH buffer overflow vulnerability (CVE-2019-25628).\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for connections to the URLs associated with the vulnerability (e.g., \u003ccode\u003ehttp://www.speedbit.com/dap/\u003c/code\u003e, \u003ccode\u003ehttps://www.exploit-db.com/exploits/46673\u003c/code\u003e). Block these domains at the network perimeter.\u003c/li\u003e\n\u003cli\u003eImplement a network detection rule to identify HTTP requests containing unusually long URLs that might be exploiting the buffer overflow. This will require analyzing webserver or proxy logs.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-24T12:16:02Z","date_published":"2026-03-24T12:16:02Z","id":"/briefs/2026-03-dap-seh-overflow/","summary":"Download Accelerator Plus (DAP) 10.0.6.0 is vulnerable to a structured exception handler buffer overflow, allowing remote attackers to execute arbitrary code via maliciously crafted URLs by overwriting SEH pointers and executing embedded shellcode.","title":"Download Accelerator Plus (DAP) SEH Buffer Overflow Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-03-dap-seh-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2019-25628","version":"https://jsonfeed.org/version/1.1"}