Vulnerability Description
VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craft a malicious input file containing 271 bytes of junk data followed by a return address to execute arbitrary code with application privileges.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- http://www.vxsearch.com
- https://www.7elements.co.uk
- https://www.exploit-db.com/exploits/44494
- https://www.vulncheck.com/advisories/vx-search-local-buffer-overflow-via-directo
FAQ
What is CVE-2018-25328?
CVE-2018-25328 is a vulnerability with a CVSS score of 8.4 (HIGH). VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craft...
How severe is CVE-2018-25328?
CVE-2018-25328 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-25328?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.