CVE-2018-25259
Stack-Based Buffer Overflow in Terminal Services Manager 3.1 Enables Code Execution
Publication date: 2026-04-22
Last updated on: 2026-04-29
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lizardsystems | terminal_services_manager | to 3.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
Terminal Services Manager 3.1 has a stack-based buffer overflow vulnerability in the computer names field. This flaw allows local attackers to execute arbitrary code by exploiting structured exception handling (SEH). Specifically, attackers can create a malicious input file containing shellcode and jump instructions that overwrite the SEH handler pointer. When this file is imported through the add computers wizard, the attackerβs code, such as calc.exe or other payloads, can be executed.
How can this vulnerability impact me? :
This vulnerability can allow a local attacker to execute arbitrary code on the affected system with potentially high impact. Because the attacker can run code of their choice, this may lead to unauthorized actions such as running malicious programs, gaining elevated privileges, or compromising system integrity and availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying if Terminal Services Manager version 3.1 or earlier is in use and whether malicious input files have been imported through the "add computers" wizard.
Since the exploit requires a crafted input file with shellcode targeting the computer names field, monitoring for unusual or malformed input files imported into the application can help detect exploitation attempts.
No specific commands are provided in the available resources to detect this vulnerability directly.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include preventing the import of untrusted or suspicious input files through the "add computers" wizard in Terminal Services Manager.
Since the vulnerability allows local attackers to execute arbitrary code without privileges or user interaction, restricting local access to the affected application and ensuring only trusted users can operate it is important.
Applying any available patches or updates from the vendor to fix the buffer overflow vulnerability is recommended.