CVE-2018-25427
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception handler and gain command execution when the application processes the input.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Armcode | Arm Whois | 3.11 | affected |
Weaknesses
- CWE-121: Stack-based Buffer Overflow
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.exploit-db.com/exploits/45796
- http://www.armcode.com/
- http://www.armcode.com/downloads/arm-whois.exe
- https://www.vulncheck.com/advisories/arm-whois-buffer-overflow-via-seh-overwrite
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.