CVE-2018-25271
MEDIUM
6,9
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM
6,2
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Description
AI Translation Available
Textpad 8.1.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long buffer string through the Run command interface. Attackers can paste a 5000-byte payload into the Command field via Tools > Run to trigger a buffer overflow that crashes the application.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0001
Percentile
0,0th
Updated
EPSS Score Trend (Last 3 Days)
787
Out-of-bounds Write
DraftCommon Consequences
Security Scopes Affected:
Integrity
Availability
Other
Potential Impacts:
Modify Memory
Execute Unauthorized Code Or Commands
Dos: Crash, Exit, Or Restart
Unexpected State
Applicable Platforms
Languages:
Assembly, C, C++, Memory-Unsafe
Technologies:
ICS/OT
Application
Textpad by Helios
CPE Identifier
View Detailed Analysis
cpe:2.3:a:helios:textpad:8.1.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://textpad.com
https://www.exploit-db.com/exploits/45956
https://www.textpad.com/download/v81/win32/txpeng812-32.zip
https://www.vulncheck.com/advisories/textpad-denial-of-service-via-run-command