Description
Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized input buffer. Attackers can craft a malicious buffer with junk data, return address, NOP instructions, and shellcode to overflow the stack and achieve code execution or denial of service.
Published: 2026-03-28
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Code Execution
Action: Patch Now
AI Analysis

Impact

Mapscrn 2.0.3 contains a stack-based buffer overflow that enables a local attacker to supply an oversized input buffer and overwrite the stack. By crafting a payload that includes junk data, a return address, NOP instructions, and shellcode, the attacker can either execute arbitrary code or crash the application, leading to a denial of service. The weakness is classified as CWE-787 (Out-of-bounds Write), the category that covers this kind of classic buffer overflow.

Affected Systems

The vulnerability affects the Mapscrn application from vendor msk, specifically version 2.0.3. No other versions are listed as impacted in the available data.

Risk and Exploitability

With a CVSS score of 8.6, the vulnerability is classified as high severity. Exploitation requires local access to the system and the ability to launch Mapscrn with a crafted input, so the attack vector is local, consistent with AV:L in the CVSS vectors. The EPSS score is not provided and the vulnerability is not currently listed in CISA’s KEV catalog, but the high CVSS rating and local exploitation potential represent a significant risk to systems running the affected version.

Generated by OpenCVE AI on March 28, 2026 at 13:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s patch or upgrade to a fixed version of Mapscrn.
  • If no patch is available, run Mapscrn with the least privilege and limit its exposure to untrusted input.
  • Disable or remove Mapscrn from systems where the functionality is not required.
  • Check the vendor’s website or security advisories for updates or additional mitigations.


Advisories

No advisories yet.

History

Mon, 30 Mar 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 30 Mar 2026 07:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Msk; Msk mapscrn
Vendors & Products | | Msk; Msk mapscrn

Sat, 28 Mar 2026 12:15:00 +0000

Type | Values Removed | Values Added
Description | | Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized input buffer. Attackers can craft a malicious buffer with junk data, return address, NOP instructions, and shellcode to overflow the stack and achieve code execution or denial of service.
Title | | Mapscrn 2.0.3 Stack-Based Buffer Overflow
Weaknesses | | CWE-787
References | |
Metrics | | cvssV3_1 {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
Metrics | | cvssV4_0 {'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-30T15:18:13.596Z

Reserved: 2026-03-28T11:43:38.720Z

Link: CVE-2017-20226

Vulnrichment

Updated: 2026-03-30T15:18:09.375Z

NVD

Status: Awaiting Analysis

Published: 2026-03-28T12:16:01.810

Modified: 2026-03-30T13:26:07.647

Link: CVE-2017-20226

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T06:59:14Z

Weaknesses