CVE-2018-25265

HIGH

LanSpy 2.0.1.159 Local Buffer Overflow

Title source: cna

Description

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious payloads using egghunter techniques to locate and execute shellcode, triggering code execution through SEH chain manipulation and controlled jumps.

Exploits (1)

exploitdb WORKING POC

by bzyo · pythonlocalwindows_x86

https://www.exploit-db.com/exploits/46018

View Code ZIP pw:eip

References (3)

[Exploit] https://www.exploit-db.com/exploits/46018

[Product] https://lizardsystems.com

[Third Party Advisory] https://www.vulncheck.com/advisories/lanspy-local-buffer-overflow

Scores

CVSS v3 8.4

EPSS 0.0001

EPSS Percentile 3.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (2)

lizardsystems/lanspy < 2.0.1.159

Lizardsystems/LanSpy 2.0.1.159

Published Apr 22, 2026

Tracked Since Apr 22, 2026