CVE-2019-16724
CVE-2019-16724
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Popular PoC on GitHub (2 stars) — exploitation code widely available.
CVSS —EPSS 72.2%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
24 Sep 2019Metasploit module available
24 Sep 2019Published on NVD
25 Aug 2020Public PoC
Weaponization speed
335 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331.
Affected products
n/a · n/apublic PoCs found — 4
githubgithub.com/nanabingies/CVE-2019-16724★ 2cve_referencepacketstormsecurity.com/files/154586/File-Sharing-Wizard-1.5.0-SEH-Buffer-Overflow.htmlunverifiedcve_referencepacketstormsecurity.com/files/154777/File-Sharing-Wizard-1.5.0-POST-SEH-Overflow.htmlunverifiedcve_referencewww.exploit-db.com/exploits/47412unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.