CVE-2018-17980

HIGH

NoMachine < 5.3.27 and 6.x < 6.3.6 - Untrusted Search Path via Trojan Horse wintab32.dll

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-17980. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This exploit demonstrates a DLL hijacking vulnerability in NoMachine <= v5.3.26, where a malicious 'wintab32.dll' can be executed when a '.nxs' file is opened. The PoC is a simple DLL that displays a message box upon loading.

Description

NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is executed. (The directory could, in general, be on a local filesystem or a network share.).

Exploits (1)

exploitdb WORKING POC

by hyp3rlinx · cremotewindows

https://www.exploit-db.com/exploits/45611

View Code ZIP pw:eip

This exploit demonstrates a DLL hijacking vulnerability in NoMachine <= v5.3.26, where a malicious 'wintab32.dll' can be executed when a '.nxs' file is opened. The PoC is a simple DLL that displays a message box upon loading.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: NoMachine <= v5.3.26

No auth needed

Prerequisites: Ability to place a malicious 'wintab32.dll' in a directory where the '.nxs' file is opened

MITRE ATT&CK

T1574.001 - DLL

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Vendor Advisory x_refsource_confirm

https://www.nomachine.com/TR10P08887

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45611/

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/149784/NoMachine-5.3.26-Remote-Code-Execution.html

Exploit, Third Party Advisory x_refsource_misc

http://hyp3rlinx.altervista.org/advisories/NOMACHINE-TROJAN-FILE-REMOTE-CODE-EXECUTION.txt

Scores

CVSS v3 7.8

EPSS 0.0367

EPSS Percentile 88.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-426

Status published

Products (1)

nomachine/nomachine < 5.3.27

Published Oct 15, 2018

Tracked Since Feb 18, 2026