Skip to content
CVSS 8.4 · HIGH

CVE-2018-25299

Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject malicious payload through the optional proxy hostname field in the PrimeNet connection settings to trigger the overflow and execute system commands.

Ver en NVD

Análisis

Prime95 is a specialized tool for CPU stress testing and mathematical research rather than a core component of the software development stack. This vulnerability requires local access to modify proxy settings, and the software is not widely used in the community's primary web and mobile development workflows.

Severidad

Puntaje: 8.4(HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: LOCAL
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-120

EPSS

Probabilidad de explotación (próx. 30 días): 0.0002 (0.0%)
Percentil: 4.6%
EPSS: 2026-05-06

Descripción técnica

Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject malicious payload through the optional proxy hostname field in the PrimeNet connection settings to trigger the overflow and execute system commands.

Publicada: 29/4/2026, 20:16:25
Última modificación: 30/4/2026, 15:48:26

Referencias

InicioEventosBlogRecursosEquipo