CVE-2018-25255

10-Strike LANState 8.8 Local Buffer Overflow SEH

CVSS 8.6 HIGHEPSS 0.2%CWE-787

Vexday Risk Score

41Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 8.6EPSS 0.2%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

04 Apr 2026Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption parameter that overflows the buffer, overwrites the SEH chain, and executes shellcode when the file is opened in the application.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

10-Strike · Strike LANState

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/45086unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.10-strike.com/lanstate/download.shtml https://www.10-strike.com/products.shtml https://www.exploit-db.com/exploits/45086 https://www.vulncheck.com/advisories/10-strike-lanstate-local-buffer-overflow-seh