CVE-2019-18655 metasploit module. SEH based buffer overflow in file sharing wizard app v.1.5.0.
CVE summary:
File Sharing Wizard version 1.5.0 is affected of Structured Exception Handler based buffer overflow vulnerability. An unauthenticated attacker is able to perform remote command execution and obtain a command shell by sending a HTTP GET request including the malicious payload in the URL, a similar issue to CVE-2019-17415, CVE-2019-16724, and CVE-2010-2331.
Software Version: File Sharing Wizard version 1.5.0 build 2008
Tested OS versions: Microsoft Windows Vista Ultimate 6.0.6002 Service Pack 2 Build 6002 Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 Build 7601
Product URL: https://file-sharing-wizard.soft112.com/
CVE-ID: CVE-2019-18655
Exploitation details: https://www.0xhuesca.com/2019/11/cve-2019-18655.html