CVE-2018-25299

HIGH

Prime95 29.4b8 Local Buffer Overflow via SEH

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25299. PoCs published by crash_manucoot.

AI-analyzed exploit summary This is a functional local buffer overflow exploit targeting Prime95 29.4b8. It leverages a SEH overwrite with a crafted payload to execute arbitrary code (calc.exe) via a malformed proxy hostname field.

Description

Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject malicious payload through the optional proxy hostname field in the PrimeNet connection settings to trigger the overflow and execute system commands.

Exploits (1)

exploitdb WORKING POC
by crash_manucoot · pythonlocalwindows
https://www.exploit-db.com/exploits/44649

This is a functional local buffer overflow exploit targeting Prime95 29.4b8. It leverages a SEH overwrite with a crafted payload to execute arbitrary code (calc.exe) via a malformed proxy hostname field.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Prime95 29.4b8
No auth needed
Prerequisites: Prime95 29.4b8 installed · User interaction to paste payload into proxy hostname field
devstral-2 · analyzed Apr 30, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit exploit
ExploitDB-44649
https://www.exploit-db.com/exploits/44649
Product product
Official Product Homepage
https://www.mersenne.org/
Product product
Product Reference
https://www.mersenne.org/download/#download
Third Party Advisory third-party-advisory
VulnCheck Advisory: Prime95 29.4b8 Local Buffer Overflow via SEH
https://www.vulncheck.com/advisories/prime95-29-4b8-local-buffer-overflow-via-seh

Scores

CVSS v3 8.4
EPSS 0.0016
EPSS Percentile 5.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-120
Status published
Products (1)
Mersenne/Prime95 29.4b8
Published Apr 29, 2026
Tracked Since Apr 30, 2026