CVE-2018-25432
Deferred Deferred - Pending Action
Whois Buffer Overflow in Arm Whois 3.11

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: VulnCheck

Description
Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through exception handler hijacking.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-22
AI Q&A
2026-06-02
EPSS Evaluated
2026-06-21
NVD
CVE-2018-25432
EUVD
EUVD-2018-21953
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
arm whois 3.11
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler (SEH).

Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through exception handler hijacking.

Impact Analysis

This vulnerability allows local attackers to execute arbitrary code on the affected system.

Successful exploitation can lead to full control over the system, potentially compromising confidentiality, integrity, and availability of data and services.

Detection Guidance

This vulnerability is a local buffer overflow in Arm Whois 3.11 that requires a crafted malicious input file to trigger the overflow and overwrite the structured exception handler. Detection involves identifying the presence of Arm Whois version 3.11 or earlier on the system.

Since the exploit is local and triggered by a specific input file with a 672-byte offset to overwrite nSEH and SEH pointers, network detection is unlikely. Instead, detection should focus on verifying the installed version of Arm Whois and monitoring for suspicious local file inputs or crashes related to exception handling.

Suggested commands to detect the vulnerable software version on a system might include:

  • On Windows, check the version of Arm Whois executable by running: `whois.exe /?` or checking file properties.
  • Use system package managers or software inventory tools to identify Arm Whois version 3.11 or earlier.
  • Monitor application logs or system event logs for crashes or exceptions related to Arm Whois.
Mitigation Strategies

Immediate mitigation steps include:

  • Remove or restrict access to Arm Whois version 3.11 or earlier on all systems.
  • Apply any available patches or updates from the vendor that address this buffer overflow vulnerability.
  • Limit local user permissions to prevent untrusted users from executing or providing malicious input files to Arm Whois.
  • Monitor systems for unusual crashes or behavior related to Arm Whois that might indicate exploitation attempts.
  • Consider using application whitelisting or sandboxing to restrict execution of untrusted code.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25432. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart