Description
Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attackers can create specially crafted URLs with overflowing buffer data that overwrites SEH pointers and executes embedded shellcode when imported through the application's web page import functionality.
Published: 2026-03-24
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution
Action: Immediate Patch
AI Analysis

Impact

The flaw is a structured exception handler buffer overflow in Download Accelerator Plus DAP 10.0.6.0. By crafting a malicious URL that overflows the buffer, an attacker can overwrite SEH pointers and execute arbitrary shellcode when the URL is imported through the application's web page import feature. This vulnerability allows remote attackers to run code with the privileges of the user running the application, compromising confidentiality, integrity, and availability of the machine.

Affected Systems

The affected product is Speedbit Download Accelerator Plus DAP, version 10.0.6.0. No other versions are listed as vulnerable in the available data. Users running earlier or later releases are not identified as affected.

Risk and Exploitability

The severity is reflected in a CVSS score of 9.3, indicating a high‑impact remote code execution risk. The EPSS score is not provided, and the vulnerability is not in the CISA KEV catalog, but the condition of a buffer overflow with an exploitable SEH pointer is widely known to be easy to exploit. Attackers can trigger the flaw by sending a crafted URL to a user who imports it, and no authentication is required, so the attack can be performed remotely with minimal effort. The potential impact is full control over the affected system.

Generated by OpenCVE AI on March 24, 2026 at 12:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch or upgrade to a version that resolves the SEH overflow
  • If no patch is available, disable or block the web page import functionality so malicious URLs cannot reach the vulnerable code
  • Avoid following unknown or malformed URLs that could trigger the overflow
  • Regularly monitor vendor advisories for updates

Generated by OpenCVE AI on March 24, 2026 at 12:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Speedbit
Speedbit download Accelerator Plus
Vendors & Products Speedbit
Speedbit download Accelerator Plus

Tue, 24 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 11:45:00 +0000

Type Values Removed Values Added
Description Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attackers can create specially crafted URLs with overflowing buffer data that overwrites SEH pointers and executes embedded shellcode when imported through the application's web page import functionality.
Title Download Accelerator Plus DAP 10.0.6.0 SEH Buffer Overflow
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Speedbit Download Accelerator Plus
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-24T13:52:16.320Z

Reserved: 2026-03-24T11:00:53.962Z

Link: CVE-2019-25628

cve-icon Vulnrichment

Updated: 2026-03-24T13:52:04.389Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-24T12:16:02.777

Modified: 2026-03-24T15:53:48.067

Link: CVE-2019-25628

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T20:39:42Z

Weaknesses