CVE-2018-25432
Description
Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through exception handler hijacking.
Affected products (1)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
Root cause
"The application is vulnerable to a buffer overflow when processing specially crafted input files."
Attack vector
Local attackers can exploit this vulnerability by crafting a malicious input file. This file is designed to overwrite the structured exception handler (SEH) pointers at a specific offset, 672 bytes from the start of the buffer. By controlling these pointers, an attacker can hijack the exception handling mechanism to execute arbitrary code on the system [ref_id=1].
Affected code
The vulnerability exists in Arm Whois version 3.11. The exploit details indicate that the overflow occurs when processing input, leading to the overwriting of the nSEH and SEH pointers at a 672-byte offset [ref_id=1].
What the fix does
The provided bundle contains no information about a patch or fix for this vulnerability, and the advisory does not specify any remediation steps, so no fix explanation can be provided.
Preconditions
- input: The attacker must provide a malicious input file crafted to trigger the buffer overflow.
- auth: The attacker must have local access to the system running the vulnerable software.
Reproduction
The exploit details include Python code that generates a malicious file named 'tmp.txt' by concatenating various components, including a payload and specific offsets for nSEH and SEH pointers, which can then be written to a file [ref_id=1].
Generated on Jun 1, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (4)
News mentions (0)
No linked articles in our index yet.