CVE-2019-25330

Medium CVSS: 6.7

SurfOffline Professional 2.2.0.103 contains a structured exception handler (SEH) overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific byte sequences to trigger a denial of service condition and overwrite SEH registers.

Vendor

Product

CWE

CWE-121

Yayın Tarihi

2026-02-12 23:16:05

Güncelleme

2026-02-13 14:23:48

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-121 MEDIUM 2026

Referanslar

https://web.archive.org/web/20190717003929/http://www.bimesoft.com/ https://www.exploit-db.com/exploits/47795 https://www.softpedia.com/get/Internet/Offline-Browsers/SurfOffline.shtml https://www.vulncheck.com/advisories/surfoffline-professional-project-name-denial-of-se