Vulnerability Description
10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption parameter that overflows the buffer, overwrites the SEH chain, and executes shellcode when the file is opened in the application.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://www.10-strike.com/lanstate/download.shtml
- https://www.10-strike.com/products.shtml
- https://www.exploit-db.com/exploits/45086
- https://www.vulncheck.com/advisories/10-strike-lanstate-local-buffer-overflow-se
FAQ
What is CVE-2018-25255?
CVE-2018-25255 is a vulnerability with a CVSS score of 8.4 (HIGH). 10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attack...
How severe is CVE-2018-25255?
CVE-2018-25255 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-25255?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.