Description
AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious ping.txt file with shellcode and jump instructions that overwrite the SEH handler pointer to achieve code execution when the file contents are pasted into the application.
Published: 2026-05-25
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow in the Trace Route host name field that allows a local attacker to execute arbitrary code by triggering structured exception handling. The flaw is triggered when a malicious ping.txt file is pasted into the application, permitting the attacker to overwrite the SEH handler pointer and run injected shellcode. The result is local code execution with the privileges of the running user, potentially leading to full system compromise if the victim operates with elevated rights.

Affected Systems

AgataSoft Auto PingMaster 1.5

Risk and Exploitability

The vulnerability carries a high CVSS score of 8.6, indicating severe impact. EPSS information is not available, and the issue is not listed in the CISA KEV catalog. Exploitation requires local file creation and user interaction; an attacker must craft a malicious ping.txt file containing shellcode and SEH jump instructions and then paste its contents into the application. Once this occurs, the buffer overflow triggers and arbitrary code executes within the context of the user running the software.

Generated by OpenCVE AI on May 25, 2026 at 15:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest AgataSoft Auto PingMaster version if the vendor releases a patch
  • Restrict the use of the ping.txt input feature to trusted users and consider disabling or removing the paste functionality for untrusted files
  • Enforce file permission controls to limit local file modifications, preventing unprivileged users from creating or editing ping.txt with malicious data

Generated by OpenCVE AI on May 25, 2026 at 15:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Agatasoft
Agatasoft auto Pingmaster
Vendors & Products Agatasoft
Agatasoft auto Pingmaster

Tue, 26 May 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 25 May 2026 14:30:00 +0000

Type Values Removed Values Added
Description AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious ping.txt file with shellcode and jump instructions that overwrite the SEH handler pointer to achieve code execution when the file contents are pasted into the application.
Title AgataSoft Auto PingMaster 1.5 Buffer Overflow SEH
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Agatasoft Auto Pingmaster
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-26T18:42:40.015Z

Reserved: 2026-05-24T13:20:31.155Z

Link: CVE-2018-25360

cve-icon Vulnrichment

Updated: 2026-05-26T18:41:41.956Z

cve-icon NVD

Status : Deferred

Published: 2026-05-25T15:16:18.507

Modified: 2026-05-26T19:47:48.987

Link: CVE-2018-25360

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T10:05:57Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow