top of page
perceptive_background_267k.jpg

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. A…

Published:

31 May 2026 at 22:00:00

Alert date:

1 June 2026 at 23:04:16

Source:

nvd.nist.gov

Click to open the original link from this advisory

Security Tools

CVE-2018-25432 affects Arm Whois version 3.11, containing a buffer overflow vulnerability that enables local attackers to execute arbitrary code. The vulnerability is exploited by overwriting the structured exception handler (SEH) through a malicious input file. Attackers can craft input with a specific 672-byte offset to overwrite nSEH and SEH pointers. This enables code execution through exception handler hijacking techniques. The vulnerability allows local privilege escalation and arbitrary code execution on affected systems.

Technical details

Mitigation steps:

Affected products:

Arm Whois 3.11

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2018-25432
http://www.armcode.com
http://www.armcode.com/downloads/arm-whois.exe
https://www.exploit-db.com/exploits/45907
https://www.vulncheck.com/advisories/arm-whois-buffer-overflow-via-aslr-bypass

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page