Home / Vulnerability Intelligence / CVE-2018-25212

CVE-2018-25212 - Vulnerability Analysis

HighCVSS: 8.4

Last Updated: March 26, 2026

Boxoft wav-wma Converter - Remote Code Execution

Published: March 26, 2026Updated: March 26, 2026

Overview

Boxoft wav-wma Converter 1.0 contains a buffer overflow in structured exception handling caused by processing malicious WAV files, letting attackers execute arbitrary code locally, exploit requires opening crafted WAV files.

Severity & Score

Severity: High

CVSS Score: 8.4

Impact

Attackers can execute arbitrary code locally by exploiting the buffer overflow, potentially leading to full system compromise.

Mitigation

Update to the latest version or apply vendor patches addressing the buffer overflow.

References

http://www.boxoft.com/wav-to-wma/
https://www.exploit-db.com/exploits/44989
https://www.vulncheck.com/advisories/boxoft-wav-wma-converter-local-buffer-overflow-seh

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2018-25212
Severity: High
CVSS Score: 8.4
Type: buffer_overflow
Status: unconfirmed

CWE

CWE-787

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H