{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2018-25288", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-04-26T13:08:12.758Z", "datePublished": "2026-04-26T13:19:18.671Z", "dateUpdated": "2026-04-27T14:06:22.237Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-26T13:19:18.671Z"}, "datePublic": "2018-08-23T00:00:00.000Z", "title": "StyleWriter 1.0 Denial of Service via Pattern Input", "descriptions": [{"lang": "en", "value": "StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 6000-byte payload into the Pattern to Find or Advice Message fields in the Add Pattern dialog to trigger a denial of service condition."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "cweId": "CWE-120", "type": "CWE"}]}], "affected": [{"vendor": "Editorsoftware", "product": "StyleWriter", "versions": [{"version": "1.0", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/45250", "name": "ExploitDB-45250", "tags": ["exploit"]}, {"url": "http://www.editorsoftware.com", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "http://www.editorsoftware.com/StyleWriter_Download.php", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: StyleWriter 1.0 Denial of Service via Pattern Input", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/stylewriter-denial-of-service-via-pattern-input"}], "credits": [{"lang": "en", "value": "Gionathan \"John\" Reale", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T14:05:44.845957Z", "id": "CVE-2018-25288", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T14:06:22.237Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-25288", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-27T14:05:44.845957Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T14:06:07.555Z"}}], "cna": {"title": "StyleWriter 1.0 Denial of Service via Pattern Input", "credits": [{"lang": "en", "type": "finder", "value": "Gionathan \"John\" Reale"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Editorsoftware", "product": "StyleWriter", "versions": [{"status": "affected", "version": "1.0"}]}], "datePublic": "2018-08-23T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/45250", "name": "ExploitDB-45250", "tags": ["exploit"]}, {"url": "http://www.editorsoftware.com", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "http://www.editorsoftware.com/StyleWriter_Download.php", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/stylewriter-denial-of-service-via-pattern-input", "name": "VulnCheck Advisory: StyleWriter 1.0 Denial of Service via Pattern Input", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 6000-byte payload into the Pattern to Find or Advice Message fields in the Add Pattern dialog to trigger a denial of service condition."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-26T13:19:18.671Z"}}}, "cveMetadata": {"cveId": "CVE-2018-25288", "state": "PUBLISHED", "dateUpdated": "2026-04-27T14:06:22.237Z", "dateReserved": "2026-04-26T13:08:12.758Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-04-26T13:19:18.671Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 6000-byte payload into the Pattern to Find or Advice Message fields in the Add Pattern dialog to trigger a denial of service condition."}], "id": "CVE-2018-25288", "lastModified": "2026-04-27T18:55:32.883", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-26T22:17:29.900", "references": [{"source": "disclosure@vulncheck.com", "url": "http://www.editorsoftware.com"}, {"source": "disclosure@vulncheck.com", "url": "http://www.editorsoftware.com/StyleWriter_Download.php"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/45250"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/stylewriter-denial-of-service-via-pattern-input"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "StyleWriter", "source": "cna", "vendor": "Editorsoftware"}, "product": "stylewriter", "vendor": "editorsoftware"}], "analysis": {"en": {"generated_at": "2026-04-28T05:11:32.187678+00:00", "value": {"mitigation_remediation": ["Update StyleWriter to a version that contains the buffer\u2011overflow fix if one is available from Editorsoftware.", "If an update is not yet released, restrict local user access to the application or run it under an account with least privilege to reduce the impact of a crash.", "In the meantime, advise users not to paste unusually long strings into the Pattern to Find or Advice Message fields; if a crash occurs, troubleshoot or force\u2011quit the application."], "summary": {"action": "Upgrade", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Editorsoftware StyleWriter 1.0 on any operating system where users can access the Add Pattern dialog is affected. No specific OS, version, or configuration limitations are provided in the advisory.", "description_and_impact": "StyleWriter 1.0 contains a buffer overflow that can be triggered by supplying an excessively long string in the Pattern to Find or Advice Message fields. When a local attacker pastes a 6000\u2011byte payload into these fields, the application crashes, resulting in a denial of service. The flaw is a classic stack-based overflow (CWE\u2011120).", "risk_and_exploitability": "The CVSS score of 6.9 indicates a medium severity vulnerability. The EPSS score of less than 1% shows a very low probability of exploitation in the wild. It is not listed in CISA KEV, and only local users can trigger the crash. To exploit the flaw an attacker must have local access to the machine running StyleWriter and manually enter a long string in the vulnerable fields."}}}}, "created": "2026-04-27T19:52:08.656060+00:00", "updated": "2026-04-28T05:15:22.947459+00:00", "vendors": ["editorsoftware", "editorsoftware$PRODUCT$stylewriter"]}