CVE-2018-25299 | THREATINT

Description

Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject malicious payload through the optional proxy hostname field in the PrimeNet connection settings to trigger the overflow and execute system commands.

PUBLISHED Reserved 2026-04-29 | Published 2026-04-29 | Updated 2026-04-30 | Assigner VulnCheck

HIGH: 8.6CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 8.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

29.4b8

affected

Credits

crash_manucoot finder

References

www.exploit-db.com/exploits/44649 (ExploitDB-44649) exploit

www.mersenne.org/ (Official Product Homepage) product

www.mersenne.org/download/ (Product Reference) product

www.vulncheck.com/...95-29-4b8-local-buffer-overflow-via-seh (VulnCheck Advisory: Prime95 29.4b8 Local Buffer Overflow via SEH) third-party-advisory

cve.org (CVE-2018-25299)

nvd.nist.gov (CVE-2018-25299)

Download JSON