10-Strike Network Scanner 3.0 Local Buffer Overflow SEH
Description
10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the vulnerability through the Trace route or System information functions to achieve code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
10-Strike Network Scanner 3.0 has a local buffer overflow in the host name field, allowing attackers to bypass SafeSEH and execute arbitrary code.
Vulnerability
10-Strike Network Scanner version 3.0 contains a local buffer overflow vulnerability (CWE-120) in the host name or address field. The vulnerable software is available from the vendor's homepage [1]. The issue occurs when a crafted payload is pasted into the 'Host name or address' field under the 'Add host' dialog. The code path is reachable when using the Trace route or System information functions on a host with a maliciously long name. All versions up to and including 3.0 are affected [3].
Exploitation
An attacker must have local access to the machine running the vulnerable software and be able to paste a payload into the host name field. No authentication is required, as the application runs at the user's privilege level. The attacker copies the malicious payload into the 'Host name or address' field when adding a new host. Right-clicking the newly created host and selecting 'Trace route...' or 'System information > General' then triggers the overflow [2]. All loaded modules are compiled with /SafeSEH, and the application converts null bytes (0x00) to space characters (0x20), which eliminates the use of pop, pop, retn pointers in the base binary. The exploit therefore has to bypass SafeSEH protections, and it uses a crafted SEH overwrite to achieve code execution [2].
Impact
Successful exploitation allows an attacker to execute arbitrary code with the privileges of the user running 10-Strike Network Scanner. The attacker can achieve full compromise of the affected host's confidentiality, integrity, and availability, as indicated by a CVSS v4 base score of 8.4 (AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H) [3]. The payload used in the proof of concept binds a shell to a TCP port for remote access [2].
Mitigation
As of the disclosure timeline (June 2018), the vendor was contacted multiple times with no response, and no official patch or security update has been released [2]. Users are advised to restrict local access to the machine running 10-Strike Network Scanner 3.0 and to avoid pasting untrusted data into the host name field. The product may be end-of-life or unsupported; upgrading to a newer version (if available) or switching to an alternative network scanner is recommended. The vulnerability is not listed on the CISA KEV as of this writing.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =3.0
Patches
No patches discovered yet.
References
- www.exploit-db.com/exploits/44841 (mitre, exploit)
- www.vulncheck.com/advisories/10-strike-network-scanner-local-buffer-overflow-seh (mitre, third-party-advisory)
- www.10-strike.com (mitre, product)