CVE-2019-25319

CriticalPublic PoC

Published: 12 February 2026

Published

12 February 2026

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0026 49.5th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Domain Quester Pro 6.02 contains a stack overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload targeting the 'Domain Name Keywords' input field to trigger an…

access violation and execute a bind shell on port 9999.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

SI-2 requires timely identification, reporting, and remediation of flaws like the stack overflow in Domain Quester Pro, preventing exploitation through patching or removal of the vulnerable software.

SI-10 Information Input Validation good match

prevent

SI-10 enforces validation of inputs such as the 'Domain Name Keywords' field to block oversized or malformed payloads that trigger the stack overflow and SEH overwrite.

SI-16 Memory Protection good match

prevent

SI-16 implements memory safeguards like stack canaries or DEP to protect against SEH register overwrites and arbitrary code execution from the stack overflow.

Security SummaryAI

CVE-2019-25319 is a stack overflow vulnerability in Domain Quester Pro version 6.02, stemming from CWE-121. The issue resides in the 'Domain Name Keywords' input field, where attackers can overwrite Structured Exception Handler (SEH) registers, leading to an access violation and remote code execution. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.

Remote, unauthenticated attackers can exploit the vulnerability over the network with low attack complexity and no user interaction required. By sending a specially crafted malicious payload to the affected input field, they trigger the stack overflow, enabling arbitrary code execution, such as establishing a bind shell on TCP port 9999.

Advisories and related resources include the vendor's site at http://www.internet-soft.com/, an Exploit-DB entry at https://www.exploit-db.com/exploits/47825 providing exploit details, and a VulnCheck advisory at https://www.vulncheck.com/advisories/domain-quester-pro-stack-overflow-seh. No specific patches or mitigation steps are detailed in the CVE description.

Details

CWE(s): CWE-121

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Stack overflow enables remote unauthenticated arbitrary code execution (AV:N/AC:L/PR:N/UI:N) via malicious input to a network-accessible application field, directly facilitating exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

http://www.internet-soft.com/
disclosure@vulncheck.com
https://www.exploit-db.com/exploits/47825
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/domain-quester-pro-stack-overflow-seh
disclosure@vulncheck.com