Local Code Execution Flaws Disclosed in PDF Explorer and RGui
Two newly cataloged CVEs detail local code execution vulnerabilities in Windows desktop applications PDF Explorer 1.5.66.2 and RGui 3.5.0. CVE-2018-25217 affects PDF Explorer through a structured exception handler (SEH) overflow in the application's Custom fields settings dialog, where malicious data placed in the Label field can overwrite SEH records and enable arbitrary code execution. The issue is mapped to CWE-787 and was published with CVSS v4.0 and v3.1 scoring, alongside references to Exploit-DB, RTT Software, a trial installer, and a VulnCheck advisory.
CVE-2018-25258 affects RGui 3.5.0 through a stack-based buffer overflow in the GUI preferences dialog, specifically the Language for menus and messages field. The disclosure says an attacker can use SEH-based exploitation to bypass DEP, run a ROP chain that calls VirtualAlloc, and achieve arbitrary code execution on the local system. The entry was published with CVSS v4.0 and v3.1 vectors and references to the affected R 3.5.0 Windows binary, Exploit-DB, the R Project website, and a VulnCheck advisory.
Timeline
Apr 12, 2026
CVE-2018-25258 disclosed for RGui 3.5.0 buffer overflow
A CVE entry for RGui 3.5.0 documented a local buffer overflow in the GUI preferences dialog, triggered through the "Language for menus and messages" field. The disclosure said attackers could bypass DEP with SEH exploitation, use a ROP chain invoking VirtualAlloc, and achieve arbitrary code execution.
Mar 26, 2026
CVE-2018-25217 disclosed for PDF Explorer SEH overflow
A CVE entry for PDF Explorer 1.5.66.2 documented a local code execution vulnerability caused by a structured exception handler overflow in the Custom fields settings dialog's Label field. The disclosure described arbitrary code execution via SEH overwrite, buffer overflow techniques, and ROP gadget chains.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Organizations
Sources
Related Stories
File Write Flaws in Docudepot PDF Reader and Stackfield Desktop App
Two newly disclosed vulnerabilities expose users of **Docudepot PDF Reader** and the **Stackfield Desktop App** to arbitrary file write attacks that could lead to severe system compromise. **CVE-2026-30292** affects Docudepot PDF Reader: PDF Viewer APP version `1.0.34`, where a weakness in the file import process allows arbitrary file overwrite of critical internal files. The issue is classified as **CWE-73** and carries a `CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` score, with reported impact including possible arbitrary code execution and information exposure. **CVE-2026-28373** affects the Stackfield Desktop App before version `1.10.2` on **macOS** and **Windows**. The flaw stems from path traversal in decryption functionality that mishandles the `filePath` property, allowing a malicious export to write arbitrary content to any location on a victim’s filesystem. The vulnerability is tracked as **CWE-22** and was assigned `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H`, reflecting high risk to confidentiality, integrity, and availability when a crafted file is opened.
4 weeks ago
Microsoft February 2026 vulnerability disclosures across Windows, Azure, and developer tools
Microsoft published multiple security advisories for **Windows**, **Azure**, and **developer tooling**, including several high-impact issues spanning **remote code execution (RCE)**, **elevation of privilege (EoP)**, **spoofing**, **information disclosure**, **denial of service**, and **security feature bypass**. Notable items include **Azure SDK for Python RCE** `CVE-2026-21531` (CVSS 9.8; **deserialization of untrusted data**), **Windows Shell security feature bypass** `CVE-2026-21510` (CVSS 8.8; exploitability listed as **E:F**), **GitHub Copilot/Visual Studio/VS Code** issues enabling **RCE/EoP/feature bypass** (`CVE-2026-21256`, `CVE-2026-21523`, `CVE-2026-21257`, `CVE-2026-21518`), and **Azure Local RCE** `CVE-2026-21228` (CVSS 8.1; **improper certificate validation**). Additional Windows platform flaws include **Desktop Window Manager EoP** `CVE-2026-21519` (type confusion), **HTTP.sys EoP** `CVE-2026-21232` (untrusted pointer dereference), **WinSock Ancillary Function Driver EoP** `CVE-2026-21238` (improper access control), **Windows Storage EoP** `CVE-2026-21508`, **WSL EoP** `CVE-2026-21237`, **Microsoft Word security feature bypass** `CVE-2026-21514`, **Outlook spoofing** `CVE-2026-21511`, **Windows LDAP DoS** `CVE-2026-21243`, plus **ACI Confidential Containers information disclosure** `CVE-2026-23655` and **Azure IoT Explorer information disclosure** `CVE-2026-21528`. Separately, a detailed third-party writeup described a **Windows Error Reporting Service** local privilege escalation, `CVE-2026-20817`, patched in January 2026, where the **WER service** (`wersvc.dll`) running as `NT AUTHORITY\SYSTEM` allegedly fails to validate requester permissions over **ALPC**, enabling a standard user to trigger process creation with a SYSTEM-derived token (retaining powerful rights such as *SeDebugPrivilege*, *SeImpersonatePrivilege*, and *SeBackupPrivilege*). Another third-party report highlighted a long-standing **libpng** heap buffer issue, `CVE-2026-25646` (CVSS 8.3), in `png_set_quantize()` that can be triggered by a crafted PNG (palette present, histogram absent) leading to an infinite loop/out-of-bounds read with potential for DoS and, with heap grooming, possible code execution; an additional MSRC entry referenced **libjpeg-turbo** `CVE-2023-2804` (heap-based overflow) as an Important RCE-class issue. Collectively, the disclosures reinforce the need to prioritize patching for internet-reachable components and developer tooling, and to treat local EoP bugs as high-risk in post-compromise and lateral movement scenarios.
2 months ago
Multiple Adobe Acrobat and Reader Flaws Enable Code Execution and Information Disclosure
German authorities issued security advisories for **Adobe Acrobat DC**, **Acrobat Reader DC**, and **Adobe Acrobat Reader** covering multiple vulnerabilities that could allow **information disclosure** and **arbitrary code execution**. One advisory specifically warned that a flaw in Adobe Acrobat Reader could expose sensitive information and be leveraged for code execution, raising the risk of compromise when users open maliciously crafted PDF files. A follow-up advisory expanded the scope to **multiple vulnerabilities** across Adobe’s Acrobat product line, indicating broader exposure for enterprise and end-user systems that rely on Adobe PDF software. Organizations using affected Adobe applications should prioritize vendor patches and review endpoint protections, as successful exploitation could give attackers access to data or the ability to run code on targeted systems.
2 weeks ago