CVE-2018-10655

HIGH

DeviceLock Plug and Play Auditor <5.72 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-10655. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This exploit demonstrates a Unicode SEH buffer overflow in DeviceLock Plug and Play Auditor 5.72. The PoC creates a maliciously crafted text file that triggers the vulnerability when loaded via the 'Scan Network' feature, leading to potential arbitrary code execution.

Description

DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 has a Unicode Buffer Overflow (SEH).

Exploits (1)

exploitdb WORKING POC
by hyp3rlinx · textlocalwindows
https://www.exploit-db.com/exploits/44590

This exploit demonstrates a Unicode SEH buffer overflow in DeviceLock Plug and Play Auditor 5.72. The PoC creates a maliciously crafted text file that triggers the vulnerability when loaded via the 'Scan Network' feature, leading to potential arbitrary code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: DeviceLock Plug and Play Auditor 5.72
No auth needed
Prerequisites: DeviceLock Plug and Play Auditor 5.72 installed · Ability to load a malicious text file via the 'Scan Network' feature
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44590/

Scores

CVSS v3 7.8
EPSS 0.1555
EPSS Percentile 96.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
devicelock/plug_and_play_auditor 5.72
Published May 10, 2018
Tracked Since Feb 18, 2026