CVE-2018-25213

HIGH

Nsauditor 3.0.28.0 Local SEH Buffer Overflow

Title source: cna

Description

Nsauditor 3.0.28.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input to the DNS Lookup tool. Attackers can craft a payload with SEH chain overwrite and inject shellcode through the DNS Query field to achieve code execution with application privileges.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Achilles · pythonlocalwindows

https://www.exploit-db.com/exploits/46005

View Code ZIP pw:eip

References (4)

[Exploit] https://www.exploit-db.com/exploits/46005

[Product] http://www.nsauditor.com

[Product] http://www.nsauditor.com/downloads/nsauditor_setup.exe

[Third Party Advisory] https://www.vulncheck.com/advisories/nsauditor-local-seh-buffer-overflow

Scores

CVSS v3 8.4

EPSS 0.0001

EPSS Percentile 0.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (2)

nsasoft/nsauditor 3.0.28

Nsauditor/Nsauditor Local SEH Buffer Overflow 3.0.28.0

Published Mar 26, 2026

Tracked Since Mar 26, 2026