Description
Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Device alias field within the Managing Log interface to execute arbitrary code with calculator proof-of-concept execution.
Published: 2026-04-26
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary Code Execution
Action: Apply Fix
AI Analysis

Impact

Faleemi Desktop Software 1.8.2 has a local buffer overflow in the Device alias field that enables an SEH overwrite. An attacker can craft a malicious payload, paste it into the field, and trigger arbitrary code execution, as demonstrated by a proof‑of‑concept that launches the calculator.

Affected Systems

Vendor Faleemi, product Faleemi Desktop Software, version 1.8.2.

Risk and Exploitability

The CVSS score of 8.6 classifies the vulnerability as High severity, while the EPSS score of less than 1% indicates a low probability of exploitation. The attack requires local access and involves manually entering a payload in the device alias field; it is not currently listed in the CISA KEV catalog.

Generated by OpenCVE AI on April 28, 2026 at 13:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Faleemi support website or contact vendor to determine if an official fix or patch is available, and apply it when released.
  • Limit local user privileges to the Managing Log interface or disable the Device alias feature, if the application provides an option, to reduce the attack surface.
  • Implement application whitelisting or endpoint monitoring to detect and block unexpected code execution, such as the launch of calc.exe triggered by the exploit.

Generated by OpenCVE AI on April 28, 2026 at 13:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 27 Apr 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Faleemi
Faleemi faleemi Desktop Software
Vendors & Products Faleemi
Faleemi faleemi Desktop Software

Sun, 26 Apr 2026 13:30:00 +0000

Type Values Removed Values Added
Description Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Device alias field within the Managing Log interface to execute arbitrary code with calculator proof-of-concept execution.
Title Faleemi Desktop Software 1.8.2 Local Buffer Overflow SEH
Weaknesses CWE-120
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Faleemi Faleemi Desktop Software
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-27T20:06:30.634Z

Reserved: 2026-04-22T11:27:24.496Z

Link: CVE-2018-25263

cve-icon Vulnrichment

Updated: 2026-04-27T20:06:26.660Z

cve-icon NVD

Status : Deferred

Published: 2026-04-26T22:17:26.863

Modified: 2026-04-27T18:53:00.053

Link: CVE-2018-25263

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T13:30:32Z

Weaknesses