CVE-2018-25212 — HIGH (8.4)

Vulnerability Description

Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception handling that allows attackers to execute arbitrary code by crafting malicious WAV files. Attackers can create a specially crafted WAV file with excessive data and ROP gadgets to overwrite the SEH chain and achieve code execution on Windows systems.

CVSS Score

8.4

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Boxoft	Wav To Wma Converter	1.0

Related Weaknesses (CWE)

CWE-787

References

http://www.boxoft.com/wav-to-wma/Product
https://www.exploit-db.com/exploits/44989ExploitVDB Entry
https://www.vulncheck.com/advisories/boxoft-wav-wma-converter-local-buffer-overfThird Party Advisory

FAQ

What is CVE-2018-25212?

CVE-2018-25212 is a vulnerability with a CVSS score of 8.4 (HIGH). Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception handling that allows attackers to execute arbitrary code by crafting malicious WAV files. Attackers ...

How severe is CVE-2018-25212?

CVE-2018-25212 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-25212?

Check the references section above for vendor advisories and patch information. Affected products include: Boxoft Wav To Wma Converter.