CVE-2018-25259

HIGH

Terminal Services Manager 3.1 Buffer Overflow SEH

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25259. PoCs published by bzyo.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in Terminal Services Manager 3.1, leveraging SEH overwrite to achieve remote code execution. The payload is crafted to avoid bad characters and execute calc.exe via a structured buffer.

Description

Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious input file with shellcode and jump instructions that overwrite the SEH handler pointer to execute calc.exe or other payloads when imported through the add computers wizard.

Exploits (1)

exploitdb WORKING POC

by bzyo · pythonlocalwindows_x86

https://www.exploit-db.com/exploits/46058

View Code ZIP pw:eip

This exploit demonstrates a buffer overflow vulnerability in Terminal Services Manager 3.1, leveraging SEH overwrite to achieve remote code execution. The payload is crafted to avoid bad characters and execute calc.exe via a structured buffer.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Terminal Services Manager 3.1

No auth needed

Prerequisites: Terminal Services Manager 3.1 installed on Windows 7 SP1 x86 · User interaction to trigger the import from file functionality

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 22, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-46058

https://www.exploit-db.com/exploits/46058

Product product

Official Product Homepage

https://lizardsystems.com

Third Party Advisory third-party-advisory

VulnCheck Advisory: Terminal Services Manager 3.1 Buffer Overflow SEH

https://www.vulncheck.com/advisories/terminal-services-manager-buffer-overflow-seh

Scores

CVSS v3 8.4

EPSS 0.0019

EPSS Percentile 8.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-306

Status published

Products (2)

Lizardsystems/Terminal Services Manager 3.1

lizardsystems/terminal_services_manager < 3.1

Published Apr 22, 2026

Tracked Since Apr 22, 2026