CVE-2018-25360

HIGH

AgataSoft Auto PingMaster 1.5 Buffer Overflow SEH

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25360. PoCs published by bzyo.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in AgataSoft Auto PingMaster 1.5, leveraging SEH (Structured Exception Handler) overwrites to achieve remote code execution (calc.exe). The payload is crafted using msfvenom with an alpha_mixed encoder to bypass bad characters.

Description

AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious ping.txt file with shellcode and jump instructions that overwrite the SEH handler pointer to achieve code execution when the file contents are pasted into the application.

Exploits (1)

exploitdb WORKING POC

by bzyo · pythonlocalwindows

https://www.exploit-db.com/exploits/45151

View Code ZIP pw:eip

This exploit demonstrates a buffer overflow vulnerability in AgataSoft Auto PingMaster 1.5, leveraging SEH (Structured Exception Handler) overwrites to achieve remote code execution (calc.exe). The payload is crafted using msfvenom with an alpha_mixed encoder to bypass bad characters.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: AgataSoft Auto PingMaster 1.5

No auth needed

Prerequisites: Vulnerable application installed · User interaction to paste malicious input into the 'Host name' field

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed May 25, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-45151

https://www.exploit-db.com/exploits/45151

Product product

Official Product Homepage

http://agatasoft.com/

Third Party Advisory third-party-advisory

VulnCheck Advisory: AgataSoft Auto PingMaster 1.5 Buffer Overflow SEH

https://www.vulncheck.com/advisories/agatasoft-auto-pingmaster-buffer-overflow-seh

Scores

CVSS v3 8.4

EPSS 0.0018

EPSS Percentile 7.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-121

Status published

Products (1)

Agatasoft/Auto PingMaster 1.5

Published May 25, 2026

Tracked Since May 25, 2026