{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/vx-search-10.6.18/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.4,"id":"CVE-2018-25328"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["VX Search 10.6.18"],"_cs_severities":["high"],"_cs_tags":["buffer-overflow","local-privilege-escalation","cve-2018-25328"],"_cs_type":"advisory","_cs_vendors":["VX Search"],"content_html":"\u003cp\u003eVX Search 10.6.18 is vulnerable to a local buffer overflow (CVE-2018-25328). This vulnerability allows a local attacker to craft a malicious input file that, when processed by VX Search, overwrites the instruction pointer, resulting in arbitrary code execution within the context of the application. An oversized string supplied in the directory field is the trigger. The attacker needs to supply 271 bytes of junk data, followed by a return address, to achieve code execution. Exploitation requires the attacker to have the ability to supply a malicious input file to VX Search. 
Successful exploitation allows for arbitrary code execution with application privileges.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a malicious input file.\u003c/li\u003e\n\u003cli\u003eThe malicious input file contains 271 bytes of junk data.\u003c/li\u003e\n\u003cli\u003eThe malicious input file includes a return address following the junk data, pointing to attacker-controlled code.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers the malicious input file to the target system.\u003c/li\u003e\n\u003cli\u003eThe victim user or process opens the malicious file within VX Search 10.6.18.\u003c/li\u003e\n\u003cli\u003eVX Search attempts to process the directory field within the file.\u003c/li\u003e\n\u003cli\u003eDue to the lack of bounds checking, the oversized string overflows the buffer.\u003c/li\u003e\n\u003cli\u003eThe return address is overwritten, causing the application to redirect execution flow to the attacker\u0026rsquo;s code.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary code execution within the context of VX Search.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability (CVE-2018-25328) allows an attacker to execute arbitrary code on the target system with the privileges of the VX Search application. This could lead to complete system compromise, data exfiltration, or denial of service. 
There are no specific numbers of victims or targeted sectors provided in the source.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches or upgrade to a non-vulnerable version of VX Search to remediate CVE-2018-25328.\u003c/li\u003e\n\u003cli\u003eMonitor file system events for suspicious file creations or modifications related to VX Search application directories to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement process monitoring to detect VX Search spawning unusual child processes, which could indicate successful code execution after a buffer overflow. Consider creating a Sigma rule based on process creation events.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-17T13:19:13Z","date_published":"2026-05-17T13:19:13Z","id":"https://feed.craftedsignal.io/briefs/2026-05-vx-search-buffer-overflow/","summary":"VX Search 10.6.18 contains a local buffer overflow vulnerability (CVE-2018-25328) that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field, leading to arbitrary code execution with application privileges.","title":"CVE-2018-25328 - VX Search 10.6.18 Local Buffer Overflow","url":"https://feed.craftedsignal.io/briefs/2026-05-vx-search-buffer-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — VX Search 10.6.18","version":"https://jsonfeed.org/version/1.1"}