Network Scanner — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/products/network-scanner/Trending threats, MITRE ATT&CK coverage, and detection metadata. Fed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 26 May 2026 13:38:29 +000010-Strike Network Scanner 3.0 Buffer Overflow Leading to Remote Code Executionhttps://feed.craftedsignal.io/briefs/2026-05-10-strike-rce/Tue, 26 May 2026 13:38:29 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-10-strike-rce/A buffer overflow vulnerability exists in 10-Strike Network Scanner 3.0, allowing attackers to bypass SafeSEH protections and execute arbitrary code by crafting a malicious payload in the host name or address field and triggering the vulnerability through the Trace route or System information functions.10-Strike Network Scanner 3.0 is susceptible to a buffer overflow vulnerability (CVE-2018-25345) within the host name field. Successful exploitation of this vulnerability allows an attacker to bypass SafeSEH protections and execute arbitrary code within the context of the application. The vulnerability can be triggered via the Trace route or System information functions when processing a crafted host name or address field. This poses a significant risk to organizations utilizing this software, as it could lead to unauthorized access, data breaches, or complete system compromise. The vulnerable version is 3.0.

Attack Chain

  1. The attacker identifies a vulnerable instance of 10-Strike Network Scanner 3.0.
  2. The attacker crafts a malicious payload designed to exploit the buffer overflow in the host name or address field. The payload is crafted to bypass SafeSEH.
  3. The attacker inputs the malicious payload into the host name or address field within the application’s interface.
  4. The attacker initiates either the “Trace route” or “System information” function targeting the input containing the malicious payload.
  5. The application attempts to process the input, triggering the buffer overflow.
  6. The crafted payload overwrites the return address on the stack, bypassing SafeSEH protection.
  7. Control is redirected to the attacker-controlled code within the payload.
  8. The attacker achieves arbitrary code execution within the context of the Network Scanner application.

Impact

Successful exploitation of CVE-2018-25345 can lead to arbitrary code execution, potentially granting an attacker full control over the affected system. This could result in data breaches, malware installation, or further lateral movement within the network. Given the nature of network scanners, successful exploitation could provide attackers with valuable network reconnaissance capabilities, compounding the impact.

Recommendation

  • Monitor process execution for the creation of child processes from the 10-Strike Network Scanner executable, indicating potential exploitation (see Sigma rule “Detect 10-Strike Network Scanner Suspicious Child Process”).
  • Implement network segmentation to limit the potential impact of a successful exploit.
  • While no patch is available, consider migrating to an alternative solution that provides similar functionality without the vulnerability.
]]>highthreatbuffer-overflowrcewindows