{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2018-25426/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2018-25426"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["WinMTR 0.91"],"_cs_severities":["medium"],"_cs_tags":["dos","buffer overflow","cve-2018-25426"],"_cs_type":"advisory","_cs_vendors":["WinMTR"],"content_html":"\u003cp\u003eWinMTR version 0.91 is susceptible to a denial-of-service vulnerability. This flaw can be exploited by crafting a malformed payload file with a large buffer of repeated characters. When the vulnerable application processes this crafted file, it leads to a buffer overflow, causing the application to crash. The attacker can create a specially crafted input file with 238 bytes of data to trigger this buffer overflow condition. Exploitation of this vulnerability requires no authentication and can be triggered remotely, making it a significant concern for systems running WinMTR.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious input file containing a buffer of 238 repeated characters.\u003c/li\u003e\n\u003cli\u003eThe malicious file is delivered to the target system. The delivery method is not specified in the source.\u003c/li\u003e\n\u003cli\u003eWinMTR 0.91 attempts to open and process the malicious file.\u003c/li\u003e\n\u003cli\u003eDue to the oversized buffer, a buffer overflow occurs within the WinMTR application.\u003c/li\u003e\n\u003cli\u003eThe buffer overflow corrupts memory, leading to unpredictable behavior.\u003c/li\u003e\n\u003cli\u003eWinMTR 0.91 crashes due to the memory corruption caused by the buffer overflow.\u003c/li\u003e\n\u003cli\u003eThe application becomes unavailable, resulting in a denial-of-service condition.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability results in a denial-of-service condition, rendering WinMTR 0.91 unusable. While the number of victims and targeted sectors are unspecified, any system running the vulnerable version of WinMTR is at risk. A successful attack would disrupt network monitoring activities relying on this tool.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor for attempts to open unusual or malformed files with WinMTR using the \u003ccode\u003eFile Open with WinMTR\u003c/code\u003e Sigma rule to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eApply any available patches or upgrades provided by WinMTR to remediate CVE-2018-25426.\u003c/li\u003e\n\u003cli\u003eConsider using alternative network monitoring tools that are not vulnerable to buffer overflow attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-30T16:21:49Z","date_published":"2026-05-30T16:21:49Z","id":"https://feed.craftedsignal.io/briefs/2026-05-winmtr-dos/","summary":"WinMTR 0.91 is vulnerable to a denial-of-service attack where a malformed payload file containing a buffer overflow can crash the application (CVE-2018-25426).","title":"WinMTR 0.91 Denial of Service Vulnerability (CVE-2018-25426)","url":"https://feed.craftedsignal.io/briefs/2026-05-winmtr-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2018-25426","version":"https://jsonfeed.org/version/1.1"}