CVE-2019-25628

Download Accelerator · Download Accelerator Plus (DAP)

Download Accelerator Plus 10.0.6.0 is vulnerable to a structured exception handler (SEH) buffer overflow, allowing remote attackers to execute arbitrary code via crafted URLs.

Executive summary

A critical buffer overflow in Download Accelerator Plus 10.0.6.0 allows remote attackers to execute arbitrary code through malicious URL processing.

Vulnerability

The application contains a structured exception handler (SEH) buffer overflow vulnerability triggered during the import of web page URLs. By crafting a URL with excessive data, an unauthenticated attacker can overwrite SEH pointers, leading to the execution of embedded shellcode.

Business impact

The CVSS score of 9.8 reflects the high risk of this vulnerability, which enables remote code execution on the user's workstation. A successful exploit could lead to full system compromise, the installation of malware, and the theft of sensitive user credentials or local data.

Remediation

Immediate Action: Cease use of the affected version of Download Accelerator Plus and verify whether an update or vendor-provided patch is available.

Proactive Monitoring: Monitor endpoint execution logs for suspicious child processes spawned by the DAP application or unexpected network connections originating from the software.

Compensating Controls: Disable the application's "web page import" functionality via group policy or configuration if possible, and ensure endpoint protection software is updated to detect malicious shellcode patterns.
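One way to implement the "Proactive Monitoring" item above, as an added example that is not part of the advisory or the vendor's tooling: it flags interpreter processes whose parent is DAP and outbound connections from DAP to ports other than 80/443, run over constructed Sysmon-style events. The executable name dap.exe, the event field names and the sample telemetry are all assumptions.

```python
# Added example, not from the advisory: flag suspicious child processes and
# network connections attributed to DAP in constructed Sysmon-style events.
DAP_IMAGE = "dap.exe"  # assumed executable name of Download Accelerator Plus

# Interpreters and LOLBins a download manager has no legitimate reason to spawn.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
# Ports a download manager is expected to use; anything else deserves review.
EXPECTED_PORTS = {80, 443}


def image_name(path: str) -> str:
    """Lower-cased file name from a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def flag_child_processes(events):
    """Process-creation events where DAP is the parent of a suspicious child."""
    return [(e["time"], image_name(e["image"]), e["command_line"])
            for e in events
            if e["type"] == "process_create"
            and image_name(e["parent_image"]) == DAP_IMAGE
            and image_name(e["image"]) in SUSPICIOUS_CHILDREN]


def flag_network_connections(events):
    """Outbound connections made by DAP itself to unexpected ports."""
    return [(e["time"], e["dest_ip"], e["dest_port"])
            for e in events
            if e["type"] == "network_connect"
            and image_name(e["image"]) == DAP_IMAGE
            and e["dest_port"] not in EXPECTED_PORTS]


# Constructed sample telemetry, not real logs.
SAMPLE_EVENTS = [
    {"type": "process_create", "time": "10:00:01", "parent_image": r"C:\Program Files\DAP\dap.exe",
     "image": r"C:\Windows\System32\cmd.exe", "command_line": "cmd.exe /c whoami"},
    {"type": "process_create", "time": "10:00:02", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe", "command_line": "cmd.exe"},  # benign parent
    {"type": "network_connect", "time": "10:00:03", "image": r"C:\Program Files\DAP\dap.exe",
     "dest_ip": "203.0.113.10", "dest_port": 4444},  # unexpected port
    {"type": "network_connect", "time": "10:00:04", "image": r"C:\Program Files\DAP\dap.exe",
     "dest_ip": "203.0.113.20", "dest_port": 443},  # expected HTTPS
]

if __name__ == "__main__":
    print(flag_child_processes(SAMPLE_EVENTS))
    print(flag_network_connections(SAMPLE_EVENTS))
```

In a real deployment the same two predicates map directly onto Sysmon Event ID 1 (ParentImage/Image) and Event ID 3 (Image/DestinationPort) fields in a SIEM query.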

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

This vulnerability is highly dangerous due to its potential for remote code execution. Organizations should immediately audit their environments for this specific version of Download Accelerator Plus and remove or update the software to eliminate the risk of exploitation.