CVE-2018-25427
Description
Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception handler and gain command execution when the application processes the input.
Affected products (1)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
Root cause
"A stack-based buffer overflow occurs when processing oversized input in the IP address or domain field."
Attack vector
An attacker can trigger this vulnerability by supplying input exceeding 658 bytes to the IP address or domain field in Arm Whois 3.11 [ref_id=1]. This oversized input can contain shellcode designed to overwrite the structured exception handler. When the application processes this crafted input, it leads to command execution [ref_id=1]. The exploit involves running Python code to generate the malicious input, copying it to the clipboard, pasting it into the application, and then clicking the "Retrieves IP-adress info" button, resulting in a command prompt window appearing [ref_id=1].
Affected code
The vulnerability resides in Arm Whois version 3.11. Specifically, the overflow occurs when handling input provided to the "IP address or domain" field. The exploit details indicate that input exceeding 658 bytes can lead to the overflow and subsequent exploitation [ref_id=1].
What the fix does
The provided bundle does not contain information about a patch or specific remediation steps. Therefore, the advisory does not specify how the vulnerability is fixed. Users are advised to consult vendor advisories for potential mitigation strategies or updated versions.
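With no vendor fix on record, the following added example (not Arm Whois code and not a vendor patch) shows the usual defence for this bug class: check length and character set before copying field text into a fixed-size buffer. The function names, status codes and the 253-byte cap are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed cap: 253 is the longest DNS name in text form and also covers
 * IPv4/IPv6 literals. It is not a value taken from Arm Whois. */
#define MAX_QUERY_LEN 253

enum query_status { QUERY_OK, QUERY_EMPTY, QUERY_TOO_LONG,
                    QUERY_BAD_CHAR, QUERY_DST_TOO_SMALL };

/* Hostname characters plus ':' for IPv6 literals; ASCII only, no locale. */
static int is_query_char(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '.' || c == '-' || c == ':';
}

/* Hypothetical helper: validate untrusted field text, then copy it into a
 * fixed-size buffer. dst is left as an empty string unless every check passes. */
enum query_status copy_query_field(char *dst, size_t dst_size,
                                   const char *src, size_t src_len)
{
    if (dst == NULL || dst_size == 0)
        return QUERY_DST_TOO_SMALL;
    dst[0] = '\0';
    if (src == NULL || src_len == 0)
        return QUERY_EMPTY;
    if (src_len > MAX_QUERY_LEN)      /* policy limit, checked before any copy */
        return QUERY_TOO_LONG;
    if (src_len >= dst_size)          /* need room for the terminating NUL */
        return QUERY_DST_TOO_SMALL;
    for (size_t i = 0; i < src_len; i++)
        if (!is_query_char((unsigned char)src[i]))
            return QUERY_BAD_CHAR;    /* rejects raw binary bytes in the field */
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return QUERY_OK;
}

int main(void)
{
    char field[64], oversized[659];   /* constructed input, 1 byte past 658 */
    memset(oversized, 'A', sizeof oversized);
    printf("oversized -> %d\n",
           copy_query_field(field, sizeof field, oversized, sizeof oversized));
    printf("example.com -> %d (%s)\n",
           copy_query_field(field, sizeof field, "example.com", 11), field);
    return 0;
}
```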
Preconditions
- input: The attacker must supply input exceeding 658 bytes to the IP address or domain field.
- network: The vulnerability is network-accessible as it allows remote attackers to execute arbitrary code.
Reproduction
1. Run the provided Python code to generate the malicious input and save it to 'text.txt'.
2. Open 'whois.exe' (Arm Whois 3.11).
3. Paste the content from 'text.txt' into the "IP address or domain" field.
4. Click on "Retrieves IP-adress info".
5. A command prompt window should appear, indicating successful exploitation [ref_id=1].
Generated on Jun 1, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (4)
News mentions (0)
No linked articles in our index yet.