CVE-2018-25213

EUVD-2018-21684
Nsauditor 3.0.28.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input to the DNS Lookup tool. Attackers can craft a payload with SEH chain overwrite and inject shellcode through the DNS Query field to achieve code execution with application privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheckCNA
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
nsasoftnsauditor
3.0.28
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.nsauditor.com
http://www.nsauditor.com/downloads/nsauditor_setup.exe
https://www.exploit-db.com/exploits/46005
https://www.vulncheck.com/advisories/nsauditor-local-seh-buffer-overflow