Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.6
CVE-2018-25344: 10-Strike Network Inventory Explorer 8.54: Malicious Registration Key Code Execution
CVE-2018-25344
Summary
The 10-Strike Network Inventory Explorer software has a security flaw that allows a local attacker to run malicious code with administrator privileges. This can happen if an attacker creates a fake registration key and enters it into the software. To protect yourself, update to the latest version of the software or consider using an alternative inventory tool.
Original title
10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggerin...
Original description
10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering a structured exception handler overwrite. Attackers can craft a malicious registration key string with 4188 bytes of padding followed by SEH chain values and shellcode, then paste it into the registration dialog to achieve code execution with application privileges.
nvd CVSS3.1
8.4
nvd CVSS4.0
8.6
Vulnerability type
CWE-121
Stack-based Buffer Overflow
Published: 23 May 2026 · Updated: 30 May 2026 · First seen: 26 May 2026