Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary …

CVE-2018-25259 affects Terminal Services Manager 3.1, containing a stack-based buffer overflow vulnerability in the computer names field. Local attackers can exploit this vulnerability to execute arbitrary code by triggering structured exception handling. The attack involves crafting malicious input files with shellcode and jump instructions that overwrite the SEH handler pointer. When imported through the add computers wizard, the exploit can execute calc.exe or other payloads. This vulnerability allows for local privilege escalation and arbitrary code execution through a buffer overflow technique.