Description
Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious input file with shellcode and jump instructions that overwrite the SEH handler pointer to execute calc.exe or other payloads when imported through the add computers wizard.
Published: 2026-04-22
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: Local Arbitrary Code Execution
Action: Immediate Patch
AI Analysis

Impact

Terminal Services Manager 3.1 contains a stack-based buffer overflow in the computer names field. An attacker can craft a malicious input file that, when processed by the Add Computers wizard, overwrites the structured exception handling pointer and executes arbitrary code such as calc.exe. The flaw allows local users to gain code execution on the host system.

Affected Systems

The affected product is Terminal Services Manager version 3.1 from Lizardsystems. No other vendors or versions are listed. The vulnerability applies to all installations of this software that have not applied any vendor patch.

Risk and Exploitability

The CVSS score of 8.6 indicates high severity, and the vulnerability is exploitable locally by anyone who can create or supply a malicious file. Although the EPSS score is not available, the lack of a KEV listing suggests no known active exploitation campaigns. Attackers would need local access to the machine and would trigger the flaw by opening the crafted file through the wizard, leading to full code execution.

Generated by OpenCVE AI on April 22, 2026 at 18:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s official patch or upgrade to a non‑vulnerable version of Terminal Services Manager.
  • Restrict the Add Computers wizard to authenticated administrative users, ensuring that only privileged users can supply or import computer lists to prevent local execution of malicious files.
  • If the import feature is not required, disable or remove it and monitor file handling with integrity controls to detect abnormal activity.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Description Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious input file with shellcode and jump instructions that overwrite the SEH handler pointer to execute calc.exe or other payloads when imported through the add computers wizard.
Title Terminal Services Manager 3.1 Buffer Overflow SEH
Weaknesses CWE-306
References
Metrics cvssV3_1: {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
Metrics cvssV4_0: {'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-22T14:56:57.113Z

Reserved: 2026-04-22T11:21:22.260Z

Link: CVE-2018-25259

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-22T16:16:45.437

Modified: 2026-04-22T21:23:52.620

Link: CVE-2018-25259

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T18:45:24Z

Weaknesses