CVE-2018-25256

MEDIUM

IP TOOLS 2.50 Local Buffer Overflow Denial of Service

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25256. PoCs published by Rafael Pedrero.

AI-analyzed exploit summary This PoC demonstrates a local buffer overflow in IP TOOLS v2.50, leading to a denial of service (DoS) and SEH overwriting. The exploit generates a malformed input file that crashes the application when pasted into the SNMP Scanner fields.

Description

IP TOOLS 2.50 contains a local buffer overflow vulnerability in the SNMP Scanner component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data into the 'From Addr' and 'To Addr' fields and trigger the crash by clicking the Start button, causing denial of service and SEH overwrite.

Exploits (1)

exploitdb WORKING POC
by Rafael Pedrero · pythondoswindows
https://www.exploit-db.com/exploits/46286

This PoC demonstrates a local buffer overflow in IP TOOLS v2.50, leading to a denial of service (DoS) and SEH overwriting. The exploit generates a malformed input file that crashes the application when pasted into the SNMP Scanner fields.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: IP TOOLS v2.50
No auth needed
Prerequisites: IP TOOLS v2.50 installed on Windows XP SP3 · Access to the SNMP Scanner tab
devstral-2 · analyzed Apr 07, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit exploit
ExploitDB-46286
https://www.exploit-db.com/exploits/46286
Product product
Official Product Homepage
https://www.ks-soft.net/ip-tools.eng/index.htm
Third Party Advisory third-party-advisory
VulnCheck Advisory: IP TOOLS 2.50 Local Buffer Overflow Denial of Service
https://www.vulncheck.com/advisories/ip-tools-local-buffer-overflow-denial-of-service

Scores

CVSS v3 5.5
EPSS 0.0020
EPSS Percentile 10.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (2)
Ks-Soft/IP TOOLS 2.50
ks-soft/ip-tools < 2.50
Published Apr 05, 2026
Tracked Since Apr 06, 2026