CVE-2019-25360

Aida64 · Aida64 Engineer

Aida64 Engineer contains a buffer overflow in its CSV logging configuration that allows attackers to execute arbitrary code via a malformed log file using SEH overwrite techniques.

Executive summary

A critical buffer overflow in Aida64 Engineer allows attackers to achieve remote code execution on a victim's system by tricking them into processing a malicious CSV log file.

Vulnerability

The application is vulnerable to a stack-based buffer overflow when parsing malformed CSV logging configurations. An attacker can craft a malicious file whose over-long content overwrites a Structured Exception Handler (SEH) record on the stack, hijacking the execution flow and running arbitrary code.
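To make the bug class concrete, here is an added illustration (not Aida64's code, and the line format, field size and function names are hypothetical): a CSV logging configuration line parsed into fixed-size stack buffers, showing the unbounded-copy pattern that produces this kind of stack overflow next to a bounded parser that refuses over-long fields instead of overflowing.

```c
/* Hypothetical CSV logging-config parser, added here as an illustration
 * of the vulnerability class; it is not the vendor's code. */
#include <stddef.h>
#include <string.h>

#define FIELD_MAX 64   /* assumed size of one config field on the stack */
#define MAX_FIELDS 4   /* assumed number of fields in one config line */

/* Unsafe pattern: the field length is never checked before the copy, so a
 * field of FIELD_MAX bytes or more overwrites whatever sits above the buffer
 * on the stack (on Windows that can include the SEH record the advisory
 * refers to). Kept only for contrast; never called below. */
int parse_field_unsafe(const char *field, size_t len) {
    char buf[FIELD_MAX];
    memcpy(buf, field, len);          /* no bound check: overflow */
    buf[len] = '\0';
    return (int)strlen(buf);
}

/* Hardened version: reject any field that cannot fit with its NUL. */
int parse_field_safe(const char *field, size_t len, char out[FIELD_MAX]) {
    if (len >= FIELD_MAX) {
        return -1;                    /* over-long field: refuse, don't copy */
    }
    memcpy(out, field, len);
    out[len] = '\0';
    return 0;
}

/* Split one comma-separated config line into at most MAX_FIELDS fields.
 * Returns the field count, or -1 if a field is too long or there are too
 * many fields (a malformed line is an error, never a memory write). */
int parse_csv_line(const char *line, char fields[MAX_FIELDS][FIELD_MAX]) {
    int n = 0;
    const char *start = line;
    for (;;) {
        const char *comma = strchr(start, ',');
        size_t len = comma ? (size_t)(comma - start) : strlen(start);
        if (n >= MAX_FIELDS) return -1;
        if (parse_field_safe(start, len, fields[n]) != 0) return -1;
        n++;
        if (!comma) break;
        start = comma + 1;
    }
    return n;
}

/* Helpers: parse a line and report the result, with a constructed
 * over-long line (3 * FIELD_MAX bytes of 'A') as the malformed case. */
int count_fields(const char *line) {
    char fields[MAX_FIELDS][FIELD_MAX];
    return parse_csv_line(line, fields);
}

int reject_overlong_line(void) {
    char line[FIELD_MAX * 3];
    memset(line, 'A', sizeof line - 1);
    line[sizeof line - 1] = '\0';
    return count_fields(line);        /* -1: rejected before any copy */
}
```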

Business impact

Successful exploitation results in the complete compromise of the system running the Aida64 software. This is particularly concerning for "Engineer" editions, which are often used by IT staff with elevated privileges, potentially leading to broader network exposure. The CVSS score is 9.8.

Remediation

Immediate Action: Update Aida64 Engineer to the latest version. Avoid opening or importing configuration/log files from untrusted or external sources.

Proactive Monitoring: Monitor for unusual application behavior or crashes when handling CSV files and use EDR tools to detect memory-based exploitation attempts.

Compensating Controls: Implement file integrity monitoring (FIM) for configuration directories and ensure that the application is running with the least privilege necessary.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Given the potential for high-privilege code execution, administrators must ensure that all installations of Aida64 are updated. Users should be cautioned against importing any configuration files that have not been verified.