CVE-2018-25258

HIGH

RGui 3.5.0 Local Buffer Overflow SEH DEP Bypass

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25258. PoCs published by bzyo.

AI-analyzed exploit summary: This exploit demonstrates a local buffer overflow in RGui 3.5.0, leveraging SEH overwrite and DEP bypass via ROP chain to achieve arbitrary code execution (calc.exe). The payload is crafted with bad character restrictions and uses alpha_mixed encoding.

Description

RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer overflow, execute a ROP chain for VirtualAlloc allocation, and achieve arbitrary code execution.

Exploits (1)

exploitdb · WORKING POC
by bzyo · python · local · windows
https://www.exploit-db.com/exploits/46107

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: RGui 3.5.0
No auth needed
Prerequisites: Local access to the target system · RGui 3.5.0 installed · Ability to paste malicious input into GUI preferences
devstral-2 · analyzed Apr 12, 2026

References (4)

Core References
[Third Party Advisory] VulnCheck Advisory: RGui 3.5.0 Local Buffer Overflow SEH DEP Bypass
https://www.vulncheck.com/advisories/rgui-local-buffer-overflow-seh-dep-bypass
[Exploit] ExploitDB-46107
https://www.exploit-db.com/exploits/46107
[Product] Official Product Homepage
https://www.r-project.org/

Scores

CVSS v3: 8.4
EPSS: 0.0019
EPSS Percentile: 8.5%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-434
Status: published
Products (1): R-Project/RGui 3.5.0
Published: Apr 12, 2026
Tracked Since: Apr 12, 2026