CVE-2018-25258
| Summary |
RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer overflow, execute a ROP chain for VirtualAlloc allocation, and achieve arbitrary code execution.
|
| Publication Date |
April 12, 2026, 10:16 p.m. |
| Registration Date |
April 15, 2026, 11:37 a.m. |
| Last Update |
April 16, 2026, midnight |
|
CVSS3.1 : HIGH
|
| スコア |
8.4
|
| Vector |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 攻撃元区分(AV) |
ローカル |
| 攻撃条件の複雑さ(AC) |
低 |
| 攻撃に必要な特権レベル(PR) |
不要 |
| 利用者の関与(UI) |
不要 |
| 影響の想定範囲(S) |
変更なし |
| 機密性への影響(C) |
高 |
| 完全性への影響(I) |
高 |
| 可用性への影響(A) |
高 |
Related information, measures and tools
Common Vulnerabilities List