CVE-2018-25427

Sažetak

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception handler and gain command execution when the application processes the input.

Reference

http://www.armcode.com/
http://www.armcode.com/downloads/arm-whois.exe
https://www.exploit-db.com/exploits/45796
https://www.vulncheck.com/advisories/arm-whois-buffer-overflow-via-seh-overwrite

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

02-06-2026 - 14:43

Objavljeno

01-06-2026 - 22:16