Vendor
VX Search 10.6.18 contains a local buffer overflow vulnerability (CVE-2018-25328) that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field, leading to arbitrary code execution with application privileges.