The vulnerability arises from a local structured exception handling (SEH) buffer overflow in Easy File Sharing Web Server 7.2. A local attacker can craft an oversized username consisting of 4059 bytes of padding, followed by a crafted nseh value and an SEH pointer, which triggers the overflow when attempting to add a new user account. This overflow allows the attacker to execute arbitrary code on the server with the privileges of the web service process, resulting in a local code execution that could compromise system integrity.

The affected system is Easy File Sharing Web Server version 7.2 from vendor Sharing‑File. No additional version variations are listed in the supplied data. The vulnerability affects all installations that allow local users to create or modify user accounts through the web interface.

The CVSS v3.1 score for this flaw is 8.6, indicating high severity. The EPSS score is reported as less than 1%, suggesting that exploitation is currently uncommon. The vulnerability is not listed in CISA’s Known Exploited Vulnerabilities catalog, which indicates no publicly observed exploitation at the time of reporting. It is a local vulnerability requiring physical or local access to the machine hosting the service. The exploit path involves creating a malicious user account via the web interface, so an attacker would need valid local credentials or administrative access to the machine.