← back
CVE-2018-25360

AgataSoft Auto PingMaster 1.5 Buffer Overflow SEH

CVSS 8.6 HIGHEPSS 0.2%CWE-121
AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious ping.txt file with shellcode and jump instructions that overwrite the SEH handler pointer to achieve code execution when the file contents are pasted into the application.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Agatasoft · Auto PingMaster
public PoCs found1
cve_referencewww.exploit-db.com/exploits/45151unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://agatasoft.com/https://www.exploit-db.com/exploits/45151https://www.vulncheck.com/advisories/agatasoft-auto-pingmaster-buffer-overflow-seh