CVE-2018-25355

Vulnerability

Audiograbber 1.83 [1][2] contains a local buffer overflow vulnerability in the Interpret and Album input fields. The application fails to validate the length of data supplied to these fields, allowing an attacker to overflow a stack buffer. By overwriting structured exception handler (SEH) pointers, the attacker can hijack control flow and execute arbitrary code. The vulnerability affects all versions up to and including 1.83 [2].

Exploitation

An attacker must have local access to a system running Audiograbber 1.83 on a supported platform (e.g., Windows 7 SP1 x86) [1]. The exploit requires the attacker to craft a malicious file (e.g., poc.txt) containing a specially constructed payload that overwrites the SEH chain. The user then pastes the contents of this file into the "Interpret" or "Album" field within the application [1]. The payload uses a short JMP instruction to jump over mangled parts of the buffer, a pop2ret gadget from WMA8Connect.dll to restore execution flow, and finally shellcode [1]. No authentication or elevated privileges are needed before exploitation.

Impact

Successful exploitation allows the attacker to execute arbitrary shellcode with the privileges of the Audiograbber application. This typically results in a reverse shell or other attacker-controlled commands, leading to full compromise of the user's session and potential escalation on the local machine [1][2]. The impact is high: the attacker gains arbitrary code execution with full access to the user's environment.

Mitigation

As of the available references, no official patch or fixed version has been released [1][2]. Users are advised to avoid opening untrusted content in the vulnerable fields and to restrict local access to the application. The vendor homepage is https://www.audiograbber.org/ [1] but no update addressing this CVE is known. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of this writing.