CVE-2018-25299

Prime95 29.4b8 Local Buffer Overflow via SEH

CVSS 8.6 HIGHEPSS 0.2%CWE-120

Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject malicious payload through the optional proxy hostname field in the PrimeNet connection settings to trigger the overflow and execute system commands.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Mersenne · Prime95

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/44649unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/44649 https://www.mersenne.org/https://www.mersenne.org/download/#download https://www.vulncheck.com/advisories/prime95-29-4b8-local-buffer-overflow-via-seh