CVE-2018-25258 — HIGH (8.4)

Vulnerability Description

RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer overflow, execute a ROP chain for VirtualAlloc allocation, and achieve arbitrary code execution.

CVSS Score

8.4

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Related Weaknesses (CWE)

CWE-434

References

FAQ

What is CVE-2018-25258?

CVE-2018-25258 is a vulnerability with a CVSS score of 8.4 (HIGH). RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers ca...

How severe is CVE-2018-25258?

CVE-2018-25258 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-25258?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.