CVE-2018-25255
HIGHCVSS v3.1: 8.4 · EPSS: 0.0002 (4.3 percentile)
Source data as of:
At a glance
- Severity
- HIGH
- CVSS
- 8.4 v3.1 · NVD
- EPSS
- 0.0002 (4.3 percentile) · FIRST.org
- CISA KEV
- No
- Type
- Out-of-bounds Write · NVD CWE
- Attack conditions (CVSS vector)
- No privilegesNo user interaction · Source: NVD Vector
- Published
- 2026-04-04 · Modified: 2026-04-16
- References
- Jump to references (4)
CVSS / EPSS / KEV
Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources
Description
10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption parameter that overflows the buffer, overwrites the SEH chain, and executes shellcode when the file is opened in the application.
References
Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.