CVE-2018-25263— Faleemi Desktop Software 1.8.2 Local Buffer Overflow SEH

Faleemi Desktop Software 1.8.2 Local Buffer Overflow SEH

Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Device alias field within the Managing Log interface to execute arbitrary code with calculator proof-of-concept execution.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)

Faleemi Desktop Software 安全漏洞

Faleemi Desktop Software是美国Faleemi公司的一款远程监控与管理网络摄像设备的桌面应用软件。 Faleemi Desktop Software 1.8.2版本存在安全漏洞，该漏洞源于Device alias字段存在本地缓冲区溢出，可能导致本地攻击者触发结构化异常处理覆盖，通过构造恶意有效载荷并粘贴到Managing Log界面的Device alias字段中执行任意代码。

N/A

N/A