top of page
perceptive_background_267k.jpg

Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary …

Published:

21 April 2026 at 22:00:00

Alert date:

22 April 2026 at 22:11:22

Source:

nvd.nist.gov

Click to open the original link from this advisory

Enterprise Applications

CVE-2018-25259 affects Terminal Services Manager 3.1, containing a stack-based buffer overflow vulnerability in the computer names field. Local attackers can exploit this vulnerability to execute arbitrary code by triggering structured exception handling. The attack involves crafting malicious input files with shellcode and jump instructions that overwrite the SEH handler pointer. When imported through the add computers wizard, the exploit can execute calc.exe or other payloads. This vulnerability allows for local privilege escalation and arbitrary code execution through a buffer overflow technique.

Technical details

Mitigation steps:

Affected products:

Terminal Services Manager 3.1

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2018-25259
https://lizardsystems.com
https://www.exploit-db.com/exploits/46058
https://www.vulncheck.com/advisories/terminal-services-manager-buffer-overflow-seh

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page