SurfOffline Professional SEH Overflow Vulnerability Leading to Denial-of-Service

Vulnerability

A structured exception handler (SEH) overflow vulnerability has been identified in SurfOffline Professional version 2.2.0.103. This vulnerability allows attackers to crash the application by manipulating the project name input. By sending a payload of 382 'A' characters followed by specific byte sequences, attackers can overwrite SEH registers, causing the application to crash and create a denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to crash.

Reproduction

To reproduce this vulnerability, set the 'Start Page URL' to any value in the SurfOffline application. Then paste the crafted payload into the 'Project Name' field and click 'next' and then 'finish'. The application crashes because the SEH register has been overwritten, which confirms the denial-of-service condition.

Added: Feb 12, 2026, 11:27 PM
Updated: Feb 12, 2026, 11:27 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 2.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.