CVE-2018-25212

EUVD-2018-21682
Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception handling that allows attackers to execute arbitrary code by crafting malicious WAV files. Attackers can create a specially crafted WAV file with excessive data and ROP gadgets to overwrite the SEH chain and achieve code execution on Windows systems.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Affected Products (NVD)
VendorProductVersion
boxoftwav_to_wma_converter
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.boxoft.com/wav-to-wma/
https://www.exploit-db.com/exploits/44989
https://www.vulncheck.com/advisories/boxoft-wav-wma-converter-local-buffer-overflow-seh