CVE-2018-25255

HIGH

10-Strike LANState 8.8 Local Buffer Overflow SEH

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25255. PoCs published by absolomb.

AI-analyzed exploit summary This exploit demonstrates a local buffer overflow vulnerability in 10-Strike LANState 8.8 via a crafted .lsm file. It leverages SEH overwrite with a reverse shell payload, targeting the software's file parsing functionality.

Description

10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption parameter that overflows the buffer, overwrites the SEH chain, and executes shellcode when the file is opened in the application.

Exploits (1)

exploitdb WORKING POC

by absolomb · pythonlocalwindows

https://www.exploit-db.com/exploits/45086

View Code ZIP pw:eip

This exploit demonstrates a local buffer overflow vulnerability in 10-Strike LANState 8.8 via a crafted .lsm file. It leverages SEH overwrite with a reverse shell payload, targeting the software's file parsing functionality.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: 10-Strike LANState 8.8

No auth needed

Prerequisites: Victim must open the malicious .lsm file in LANState

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 07, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-45086

https://www.exploit-db.com/exploits/45086

Product product

Official Product Homepage

https://www.10-strike.com/products.shtml

Product product

Product Reference

https://www.10-strike.com/lanstate/download.shtml

Third Party Advisory third-party-advisory

VulnCheck Advisory: 10-Strike LANState 8.8 Local Buffer Overflow SEH

https://www.vulncheck.com/advisories/10-strike-lanstate-local-buffer-overflow-seh

Scores

CVSS v3 8.4

EPSS 0.0019

EPSS Percentile 8.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (1)

10-Strike/Strike LANState 8.8

Published Apr 04, 2026

Tracked Since Apr 04, 2026