CVE-2018-25427

CRITICAL

Arm Whois 3.11 - Stack-based Buffer Overflow via Oversized IP/Domain Input

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25427. PoCs published by Semen Alexandrovich Lyhin.

AI-analyzed exploit summary: This is a functional buffer overflow exploit for Arm Whois 3.11, leveraging SEH overwrite to achieve remote code execution via a crafted payload. The exploit uses alpha_mixed encoded shellcode to spawn a command shell.

Description

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception handler and gain command execution when the application processes the input.

Exploits (1)

exploitdb WORKING POC
by Semen Alexandrovich Lyhin · python · local · windows_x86
https://www.exploit-db.com/exploits/45796


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Arm Whois 3.11
No auth needed
Prerequisites: Windows XP SP3 (tested) · Arm Whois 3.11 installed
devstral-2 · analyzed Jun 02, 2026

References (4)

Core References
Various Sources product
http://www.armcode.com/
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/45796

Scores

CVSS v3 9.8
EPSS 0.0101
EPSS Percentile 58.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE CWE-121
Status published
Products (1)
Armcode/Arm Whois 3.11
Published Jun 01, 2026
Tracked Since Jun 02, 2026