CVE-2018-25265

HIGH

LanSpy 2.0.1.159 Local Buffer Overflow

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25265. PoCs published by bzyo.

AI-analyzed exploit summary: This exploit demonstrates a local buffer overflow in LanSpy 2.0.1.159, leveraging SEH overwrites and an egghunter to achieve arbitrary code execution (calc.exe). The PoC generates two payload files: one for the egghunter and another for the calc payload.

Description

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious payloads using egghunter techniques to locate and execute shellcode, triggering code execution through SEH chain manipulation and controlled jumps.

Exploits (1)

exploitdb · WORKING POC
by bzyo · python · local · windows_x86
https://www.exploit-db.com/exploits/46018

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: LanSpy 2.0.1.159
No auth needed
Prerequisites: Local access to the vulnerable application · Python to generate payloads
devstral-2 · analyzed Apr 22, 2026

References (3)

Core References
Exploit: ExploitDB-46018
https://www.exploit-db.com/exploits/46018
Product: Official Product Homepage
https://lizardsystems.com
Third Party Advisory: VulnCheck Advisory: LanSpy 2.0.1.159 Local Buffer Overflow
https://www.vulncheck.com/advisories/lanspy-local-buffer-overflow

Scores

CVSS v3: 8.4
EPSS: 0.0021
EPSS Percentile: 10.5%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-787
Status: published
Products (2):
- lizardsystems/lanspy < 2.0.1.159
- Lizardsystems/LanSpy 2.0.1.159
Published: Apr 22, 2026
Tracked Since: Apr 22, 2026