CVE-2018-25243
Denial of Service via Buffer Overflow in Microsoft FastTube Search
Publication date: 2026-04-04
Last updated on: 2026-04-04
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | fasttube | 1.0.1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-763 | The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2018-25243 is a denial of service vulnerability in Microsoft FastTube version 1.0.1.0. It occurs when a local attacker submits an excessively long string (specifically, a buffer of 1900 characters) into the application's search bar. This oversized input causes the application to crash when the search operation is executed.
How can this vulnerability impact me?
This vulnerability can impact you by allowing a local attacker to crash the Microsoft FastTube application, resulting in a denial of service. The application becomes unavailable due to improper handling of input length in the search functionality, which disrupts its availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the crash condition locally on the affected system. A proof-of-concept involves creating an input string of 1900 characters and submitting it to the FastTube 1.0.1.0 search bar.
One practical method is to generate a file containing 1900 'A' characters, then copy and paste this string into the search bar of the FastTube application to observe if it crashes.
For example, using a command to create such a file on a Windows system with PowerShell:
- powershell -Command "'A' * 1900 | Out-File PoC.txt"
Then open PoC.txt, copy its contents, and paste into the FastTube search bar to test for the crash.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the search functionality with excessively long input strings, especially inputs around or exceeding 1900 characters.
Since the vulnerability requires local access, restricting user permissions and limiting access to the FastTube application can reduce the risk of exploitation.
Additionally, monitor for application crashes and apply the vendor's update or patch when a fix becomes available.
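One way to do the crash monitoring recommended above, as an added example that is not part of the original page or any vendor guidance. It reads crash records from the Windows Application log; the match string `FastTube` is an assumption about how the application appears in those records and should be adjusted to the name seen on your systems.

```powershell
# Added example: summarise recent FastTube crash records from the Application log.
# Assumption: the crash record text contains "FastTube" (hypothetical match string,
# not taken from the advisory). Run on the endpoint where the app is installed.
param(
    [string]$NamePattern = 'FastTube',
    [int]$Days = 7
)

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error', 'Windows Error Reporting'
    Id           = 1000, 1001     # 1000 = application crash, 1001 = WER fault report
    StartTime    = (Get-Date).AddDays(-$Days)
}

# Get-WinEvent reports an error when nothing matches; suppress it and treat as empty.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$NamePattern*" })

if ($events.Count -eq 0) {
    Write-Output "No crash events matching '$NamePattern' in the last $Days day(s)."
    return
}

# One row per crash record, oldest first, with the first line of the event text.
$events | Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, MachineName,
        @{ Name = 'Summary'; Expression = { ($_.Message -split '\r?\n')[0] } } |
    Format-Table -AutoSize -Wrap

# Crashes per day: a cluster on one day is worth following up with the user of that host.
$events | Group-Object { $_.TimeCreated.Date.ToString('yyyy-MM-dd') } |
    Sort-Object Name |
    Select-Object @{ Name = 'Day'; Expression = { $_.Name } }, Count |
    Format-Table -AutoSize
```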
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.