Home

Description

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious payloads using egghunter techniques to locate and execute shellcode, triggering code execution through SEH chain manipulation and controlled jumps.

PUBLISHED Reserved 2026-04-22 | Published 2026-04-22 | Updated 2026-04-22 | Assigner VulnCheck




HIGH: 8.6CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 8.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Out-of-bounds Write

Product status

Default status
unaffected

2.0.1.159 (semver)
affected

Credits

bzyo finder

References

www.exploit-db.com/exploits/46018 (ExploitDB-46018) exploit

lizardsystems.com (Official Product Homepage) product

www.vulncheck.com/advisories/lanspy-local-buffer-overflow (VulnCheck Advisory: LanSpy 2.0.1.159 Local Buffer Overflow) third-party-advisory

cve.org (CVE-2018-25265)

nvd.nist.gov (CVE-2018-25265)

Download JSON