Description
10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering a structured exception handler overwrite. Attackers can craft a malicious registration key string with 4188 bytes of padding followed by SEH chain values and shellcode, then paste it into the registration dialog to achieve code execution with application privileges.
Published: 2026-05-23
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack‑based buffer overflow exists in the registration key input dialog of 10‑Strike Network Inventory Explorer, allowing a local attacker to overwrite the Structured Exception Handler by entering a crafted string of 4188 bytes followed by shellcode. This flaw, classified as CWE‑121, enables execution of arbitrary code with the privileges of the running application and can be triggered by simply pasting the malicious key into the registration dialog.

Affected Systems

The vulnerability affects 10‑Strike Network Inventory Explorer version 8.54. No other affected versions are cited in the description.

Risk and Exploitability

The issue carries a CVSS score of 8.6. Exploitation requires local access, with no publicly available exploit code and an unavailable EPSS score. The vulnerability is not listed in CISA’s KEV catalog. An attacker with local privileges can trigger the overflow by launching the application and entering a malicious registration key, gaining code execution at the level granted to the application.

Generated by OpenCVE AI on May 23, 2026 at 19:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade 10‑Strike Network Inventory Explorer to the latest version that resolves the SEH buffer overflow in the registration key dialog.
  • Run the application with the minimum required privileges; avoid operating it as an administrator or root account.
  • Block or sandbox the vulnerable application for users who do not need it, or remove the registration key input functionality through configuration changes as a temporary workaround.

Generated by OpenCVE AI on May 23, 2026 at 19:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 23 May 2026 18:45:00 +0000

Type Values Removed Values Added
Description 10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering a structured exception handler overwrite. Attackers can craft a malicious registration key string with 4188 bytes of padding followed by SEH chain values and shellcode, then paste it into the registration dialog to achieve code execution with application privileges.
Title 10-Strike Network Inventory Explorer 8.54 Buffer Overflow SEH
First Time appeared 10-strike
10-strike network Inventory Explorer
Weaknesses CWE-121
CPEs cpe:2.3:a:10-strike:network_inventory_explorer:-:*:*:*:*:*:*:*
cpe:2.3:a:10-strike:network_inventory_explorer:8.54:*:*:*:*:*:*:*
cpe:2.3:a:10-strike:network_inventory_explorer:9.31:*:*:*:pro:*:*:*
cpe:2.3:a:10-strike:network_inventory_explorer:9.3:*:*:*:*:*:*:*
Vendors & Products 10-strike
10-strike network Inventory Explorer
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

10-strike Network Inventory Explorer
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-23T18:30:46.677Z

Reserved: 2026-05-23T14:45:41.616Z

Link: CVE-2018-25344

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-23T20:30:25Z

Weaknesses