← Voltar para CVEs
CVE-2018-25258
HIGH8.4
Descricao
RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer overflow, execute a ROP chain for VirtualAlloc allocation, and achieve arbitrary code execution.
Detalhes CVE
Pontuacao CVSS v3.18.4
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado4/12/2026
Ultima modificacao4/12/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-434
Referencias
https://cran.r-project.org/bin/windows/base/old/3.5.0/R-3.5.0-win.exe(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/46107(disclosure@vulncheck.com)
https://www.r-project.org/(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/rgui-local-buffer-overflow-seh-dep-bypass(disclosure@vulncheck.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.