CVE-2018-25344

HIGH EPSS 5.8%

Published May 23, 20261mo ago · Modified Jun 17, 20261w ago

8.6 CVSS 4.0

High

Published May 23, 2026 1mo ago

Last Modified Jun 17, 2026 1w ago

Description

10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering a structured exception handler overwrite. Attackers can craft a malicious registration key string with 4188 bytes of padding followed by SEH chain values and shellcode, then paste it into the registration dialog to achieve code execution with application privileges.

CVSS Details

Base Score

8.6

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Local

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

5.8% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-121

References 3

10-strike.com https://www.10-strike.com/
exploit-db.com https://www.exploit-db.com/exploits/44840
vulncheck.com https://www.vulncheck.com/advisories/10-strike-network-inventory-explorer-buffer-overflow-seh

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.