CVE-2018-25293

MEDIUM

Prime95 29.4b7 Denial of Service via Proxy Password Field

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25293. PoCs published by Gionathan Reale.

AI-analyzed exploit summary This exploit demonstrates a Denial of Service (DoS) vulnerability in Prime95 29.4b7 by overflowing the 'Optional proxy password' field with a large buffer of 'A' characters, causing the application to crash.

Description

Prime95 29.4b7 contains a buffer overflow vulnerability in the PrimeNet connection dialog that allows local attackers to crash the application by supplying an excessively long string in the optional proxy password field. Attackers can trigger a denial of service by entering a 6000-byte payload into the proxy password parameter, causing the application to crash when processing the connection settings.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Gionathan Reale · pythondoswindows_x86

https://www.exploit-db.com/exploits/45226

View Code ZIP pw:eip

This exploit demonstrates a Denial of Service (DoS) vulnerability in Prime95 29.4b7 by overflowing the 'Optional proxy password' field with a large buffer of 'A' characters, causing the application to crash.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Prime95 29.4b7

No auth needed

Prerequisites: Prime95 29.4b7 installed on Windows 7 32-bit · Access to the PrimeNet connection settings

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Apr 26, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-45226

https://www.exploit-db.com/exploits/45226

Product product

Official Product Homepage

http://www.mersenne.org

Product product

Product Reference

http://www.mersenne.org/ftp_root/gimps/p95v294b7.win32.zip

Third Party Advisory third-party-advisory

VulnCheck Advisory: Prime95 29.4b7 Denial of Service via Proxy Password Field

https://www.vulncheck.com/advisories/prime95-29-4b7-denial-of-service-via-proxy-password-field

Scores

CVSS v3 6.2

EPSS 0.0014

EPSS Percentile 3.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-120

Status published

Products (1)

Mersenne/Prime95 29.4b7

Published Apr 26, 2026

Tracked Since Apr 26, 2026