Description
10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption parameter that overflows the buffer, overwrites the SEH chain, and executes shellcode when the file is opened in the application.
Published: 2026-04-04
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary Code Execution
Action: Patch
AI Analysis

Impact

A local buffer overflow exists in structured exception handling within 10-Strike LANState 8.8. By crafting a malicious LSM file, a local attacker can overflow a buffer in the ObjCaption parameter, overwrite the SEH chain, and execute arbitrary shellcode when the file is opened. The vulnerability permits attackers to run code with the privileges of the user launching the file, potentially compromising system integrity and confidentiality.

Affected Systems

The affected product is Strike LANState, version 8.8, distributed by 10-Strike. No other versions were specifically mentioned as affected in the available data.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.6, indicating high severity. EPSS data is not available, but the flaw is in a local context and would not be exploitable remotely. The entry is not listed in CISA’s KEV catalog. Attackers require local access to the target system, the ability to create and open an LSM map file, and the application must be running to trigger the overflow. Successful exploitation results in code execution, elevating threat to full system compromise.

Generated by OpenCVE AI on April 4, 2026 at 17:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s patch or upgrade to a non‑vulnerable version of Strike LANState. If a patch is not immediately available, limit the ability of users to open or create LSM files, or employ application whitelisting to block execution of unknown files. Monitor the environment for malicious LSM files and review system logs for abnormal SEH behavior.

Generated by OpenCVE AI on April 4, 2026 at 17:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared 10-strike
10-strike strike Lanstate
Vendors & Products 10-strike
10-strike strike Lanstate

Mon, 06 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Sat, 04 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description 10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption parameter that overflows the buffer, overwrites the SEH chain, and executes shellcode when the file is opened in the application.
Title 10-Strike LANState 8.8 Local Buffer Overflow SEH
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

10-strike Strike Lanstate
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T13:26:37.887Z

Reserved: 2026-04-04T13:30:17.673Z

Link: CVE-2018-25255

cve-icon Vulnrichment

Updated: 2026-04-06T13:26:33.185Z

cve-icon NVD

Status : Deferred

Published: 2026-04-04T14:16:21.907

Modified: 2026-04-16T16:15:56.380

Link: CVE-2018-25255

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-06T21:57:32Z

Weaknesses