CVE-2018-25259

HIGH

Terminal Services Manager 3.1 Buffer Overflow SEH

Title source: cna

Description

Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious input file with shellcode and jump instructions that overwrite the SEH handler pointer to execute calc.exe or other payloads when imported through the add computers wizard.

Exploits (1)

exploitdb WORKING POC

by bzyo · pythonlocalwindows_x86

https://www.exploit-db.com/exploits/46058

View Code ZIP pw:eip

References (3)

[Exploit] https://www.exploit-db.com/exploits/46058

[Product] https://lizardsystems.com

[Third Party Advisory] https://www.vulncheck.com/advisories/terminal-services-manager-buffer-overflow-seh

Scores

CVSS v3 8.4

EPSS 0.0001

EPSS Percentile 3.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-306

Status published

Products (2)

Lizardsystems/Terminal Services Manager 3.1

lizardsystems/terminal_services_manager < 3.1

Published Apr 22, 2026

Tracked Since Apr 22, 2026