CVE-2018-25432

Arm · Whois

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code via malicious input files.

Executive summary

A critical buffer overflow vulnerability in Arm Whois 3.11 could allow local attackers to achieve arbitrary code execution by hijacking the structured exception handler.

Vulnerability

This is a buffer overflow vulnerability triggered by a malicious input file. By crafting an input file in which the overflow reaches a 672-byte offset, a local attacker can overwrite the nSEH and SEH pointers, hijack the exception handler, and execute arbitrary code.
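A defender-side triage script for the kind of input file this advisory describes, added here as an illustration and not taken from the advisory or the vendor: it flags any record long enough to reach the 672-byte offset the advisory cites, and counts non-text bytes in it. It assumes the input file is newline-delimited (an assumption; the advisory does not state the file format).

```python
import re

# Figure from the advisory: the overwrite of nSEH/SEH begins 672 bytes into the record.
SEH_OFFSET = 672
# Anything outside printable ASCII and common whitespace is not a plausible whois query.
NON_TEXT = re.compile(rb"[^\t\n\r\x20-\x7e]")


def scan_records(data: bytes, offset_threshold: int = SEH_OFFSET) -> list:
    """Flag every newline-delimited record long enough to reach the SEH offset.

    Assumption (not from the advisory): the vulnerable parser consumes the file
    one line at a time, so a single over-long line is the unit of interest.
    """
    findings = []
    file_offset = 0
    for line_no, line in enumerate(data.split(b"\n"), start=1):
        record = line.rstrip(b"\r")
        if len(record) >= offset_threshold:
            findings.append({
                "line": line_no,
                "file_offset": file_offset,
                "length": len(record),
                # A high count of non-text bytes is the usual sign of an embedded payload.
                "non_text_bytes": len(NON_TEXT.findall(record)),
            })
        file_offset += len(line) + 1  # account for the b"\n" removed by split()
    return findings


def scan_file(path: str) -> list:
    """Convenience wrapper: scan a file on disk and return the findings."""
    with open(path, "rb") as fh:
        return scan_records(fh.read())


# Constructed samples (not taken from any real incident).
BENIGN_INPUT = b"example.com\r\n192.0.2.10\r\nwhois.example.net\r\n"
SUSPICIOUS_INPUT = (
    b"example.com\r\n"
    + b"A" * 700 + b"\r\n"          # over-long text record
    + b"\x90\x90\x90" * 250 + b"\n"  # over-long record made of non-text bytes
)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_INPUT), ("suspicious", SUSPICIOUS_INPUT)):
        print(name, scan_records(sample))
```

Records that cross the threshold are worth quarantining and reviewing before they are loaded into the affected version; a short benign host list produces no findings.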

Business impact

With a CVSS score of 8.4, this vulnerability represents a high risk to organizational security. Successful exploitation could lead to full system compromise, allowing an attacker to gain unauthorized control over the host running the software, potentially resulting in data exfiltration or lateral movement within the network.

Remediation

Immediate Action: Review the official Arm vendor advisory for available security updates and apply patches to all affected systems immediately.

Proactive Monitoring: Monitor system logs for unusual application crashes or error reports associated with the Whois service, which may indicate exploitation attempts.

Compensating Controls: Restrict access to the affected binary to authorized users only and implement endpoint detection and response (EDR) solutions to identify anomalous process behavior.

Exploitation status

Public Exploit Available: true

Analyst recommendation

Given the ability for local attackers to achieve arbitrary code execution, this vulnerability poses a significant threat. Administrators should prioritize identifying instances of Arm Whois 3.11 and applying the necessary patches to mitigate the risk of system exploitation.