Unrated severityNVD Advisory· Published Mar 26, 2026· Updated Mar 28, 2026

Boxoft wav-wma Converter 1.0 Local Buffer Overflow SEH

CVE-2018-25212

Description

Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception handling that allows attackers to execute arbitrary code by crafting malicious WAV files. Attackers can create a specially crafted WAV file with excessive data and ROP gadgets to overwrite the SEH chain and achieve code execution on Windows systems.

Affected products

Boxoft/wav-wma Converterllm-create
Range: <=1.0
Boxoft/WAV to WMA Converterv5
Range: 1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/44989mitreexploit
www.vulncheck.com/advisories/boxoft-wav-wma-converter-local-buffer-overflow-sehmitrethird-party-advisory
www.boxoft.com/wav-to-wma/mitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000