Description
AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious shellcode. Attackers can inject egg hunter shellcode through the SMTP display name field in preferences or report wizard functionality to trigger the overflow and execute code with application privileges.
Published: 2026-03-24
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Code Execution via SEH buffer overflow
Action: Patch Immediately
AI Analysis

Impact

AIDA64 Business 5.99.4900 is vulnerable to a structured exception handling buffer overflow that can be triggered by injecting malicious shellcode through the SMTP display name feature. The overflow overwrites the SEH pointers and allows an attacker with local access to execute arbitrary code at application privileges. This exploitation path directly compromises confidentiality and integrity of the affected system by enabling arbitrary code execution within the context of AIDA64.

Affected Systems

The vulnerability impacts the Aida64 AIDA64 Business product, specifically version 5.99.4900 on all supported operating systems where the SMTP preferences or report wizard feature is enabled. No other versions or products are listed as affected.

Risk and Exploitability

The CVSS score of 8.6 indicates a high severity for local attackers, while the EPSS score of less than 1% suggests a low probability of widespread exploitation. The vulnerability is not currently listed in CISA’s KEV catalog. Exploitation requires local access to the machine and the ability to modify application preferences or initiate a report wizard, therefore the attack vector is local. Given these conditions, users must consider the potential for full system compromise through this local code execution route.

Generated by OpenCVE AI on March 27, 2026 at 18:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update AIDA64 Business to a patched version that removes the SEH overflow.
  • If an updated version is not yet available, disable the SMTP display name and report wizard functionalities that allow shellcode injection, or run the application with limited user privileges.
  • Consider employing application whitelisting to prevent unauthorized code execution within AIDA64.

Generated by OpenCVE AI on March 27, 2026 at 18:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Aida64 aida64
CPEs cpe:2.3:a:aida64:aida64:5.99.4900:*:*:*:business:*:*:*
Vendors & Products Aida64 aida64

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Aida64
Aida64 aida64 Business
Vendors & Products Aida64
Aida64 aida64 Business

Tue, 24 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 11:45:00 +0000

Type Values Removed Values Added
Description AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious shellcode. Attackers can inject egg hunter shellcode through the SMTP display name field in preferences or report wizard functionality to trigger the overflow and execute code with application privileges.
Title AIDA64 Business 5.99.4900 SEH Buffer Overflow via EggHunter
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Aida64 Aida64 Aida64 Business
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-24T13:25:26.341Z

Reserved: 2026-03-24T11:02:11.394Z

Link: CVE-2019-25631

cve-icon Vulnrichment

Updated: 2026-03-24T13:25:23.277Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-24T12:16:03.393

Modified: 2026-03-27T16:59:50.140

Link: CVE-2019-25631

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T20:26:46Z

Weaknesses