CVE-2018-25259

HIGH EPSS 8.7%
Published Apr 22, 20262mo ago · Modified Jun 17, 20261w ago
8.6 CVSS 4.0
High
Find Similar
Published Apr 22, 2026 2mo ago
Last Modified Jun 17, 2026 1w ago

Description

Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious input file with shellcode and jump instructions that overwrite the SEH handler pointer to execute calc.exe or other payloads when imported through the add computers wizard.

CVSS Details

Base Score
8.6
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
8.7% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-306 Missing Authentication for Critical Function Authentication

Affected Products 1

VendorProductVersionRange
lizardsystemsterminal_services_manager* ≤3.1

References 3

  • lizardsystems.com https://lizardsystems.com
    Product
  • exploit-db.com https://www.exploit-db.com/exploits/46058
    ExploitVDB Entry
  • vulncheck.com https://www.vulncheck.com/advisories/terminal-services-manager-buffer-overflow-seh
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.