{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/agatasoft/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.4,"id":"CVE-2018-25360"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Auto PingMaster 1.5"],"_cs_severities":["high"],"_cs_tags":["cve","buffer-overflow","seh","code-execution"],"_cs_type":"threat","_cs_vendors":["AgataSoft"],"content_html":"\u003cp\u003eAgataSoft Auto PingMaster 1.5 is susceptible to a stack-based buffer overflow vulnerability, identified as CVE-2018-25360. This flaw resides within the Trace Route host name field. A local attacker can exploit this vulnerability by crafting a malicious ping.txt file containing shellcode and jump instructions. When the contents of this crafted file are pasted into the application, it overwrites the Structured Exception Handling (SEH) handler pointer, leading to arbitrary code execution. The CVSS v3.1 base score for this vulnerability is 8.4, indicating a high severity. This vulnerability allows a local attacker to gain control of the affected system.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious \u003ccode\u003eping.txt\u003c/code\u003e file containing shellcode designed for exploitation.\u003c/li\u003e\n\u003cli\u003eThe crafted \u003ccode\u003eping.txt\u003c/code\u003e file includes jump instructions specifically designed to overwrite the SEH handler pointer.\u003c/li\u003e\n\u003cli\u003eThe attacker opens AgataSoft Auto PingMaster 1.5.\u003c/li\u003e\n\u003cli\u003eThe attacker pastes the contents of the malicious \u003ccode\u003eping.txt\u003c/code\u003e file into the Trace Route host name field within the application.\u003c/li\u003e\n\u003cli\u003eThe application attempts to process the oversized input within the Trace Route host name field.\u003c/li\u003e\n\u003cli\u003eThe stack-based buffer overflow occurs, overwriting the SEH handler pointer with the address specified in the malicious \u003ccode\u003eping.txt\u003c/code\u003e file.\u003c/li\u003e\n\u003cli\u003eAn exception is triggered within the application due to the overflow.\u003c/li\u003e\n\u003cli\u003eThe overwritten SEH handler is invoked, redirecting execution flow to the attacker-controlled shellcode, resulting in arbitrary code execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a local attacker to execute arbitrary code on the affected system. This could lead to complete system compromise, including data theft, modification, or destruction. Since the attack requires local access, it is most likely to be exploited by malicious insiders or attackers who have already gained a foothold on the system. The vulnerability can lead to privilege escalation, enabling the attacker to perform actions with elevated permissions.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches or upgrade to a secure version of AgataSoft Auto PingMaster if available.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures to prevent buffer overflows within applications, specifically targeting the Trace Route host name field to mitigate CVE-2018-25360.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect PingMaster SEH Overwrite\u003c/code\u003e to identify potential exploitation attempts by detecting processes being called from unusual locations due to SEH overwrite.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for suspicious processes spawned by Auto PingMaster as a result of successful exploitation, using the Sigma rule \u003ccode\u003eDetect PingMaster Suspicious Child Process\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eDisable or restrict the use of AgataSoft Auto PingMaster 1.5 if patching or upgrading is not immediately feasible.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T14:13:25Z","date_published":"2026-05-26T14:13:25Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2018-25360-pingmaster-overflow/","summary":"AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability (CVE-2018-25360) in the Trace Route host name field, allowing local attackers to execute arbitrary code by triggering structured exception handling.","title":"AgataSoft Auto PingMaster 1.5 Stack-Based Buffer Overflow (CVE-2018-25360)","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2018-25360-pingmaster-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — AgataSoft","version":"https://jsonfeed.org/version/1.1"}