ГлавнаяУязвимости → CVE-2018-25212
8.4высокая

CVE-2018-25212

Описание

Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception handling that allows attackers to execute arbitrary code by crafting malicious WAV files. Attackers can create a specially crafted WAV file with excessive data and ROP gadgets to overwrite the SEH chain and achieve code execution on Windows systems.

Затрагиваемое ПО
Boxoft Wav to wma converter
CVSS
Балл8.4 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
http://www.boxoft.com/wav-to-wma/https://www.exploit-db.com/exploits/44989https://www.vulncheck.com/advisories/boxoft-wav-wma-converter-local-buffer-overflow-seh