CVE-2017-20226
Published: 28 March 2026
Summary
CVE-2017-20226 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Msk (inferred from references). Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 4.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2017-20226 is a stack-based buffer overflow vulnerability (CWE-787) in Mapscrn version 2.0.3. The issue arises when the software processes an oversized input buffer, overwriting the stack and enabling potential control over execution flow.
Local attackers, requiring only unprivileged access to the system (AV:L/AC:L/PR:N/UI:N/S:U), can exploit this by supplying a crafted malicious buffer filled with junk data, a controlled return address, NOP instructions, and shellcode. Successful exploitation grants arbitrary code execution or denial of service, with a CVSS v3.1 base score of 8.4 reflecting high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).
Advisories and references, including those from VulnCheck (https://www.vulncheck.com/advisories/mapscrn-stack-based-buffer-overflow), an Exploit-DB proof-of-concept (https://www.exploit-db.com/exploits/42144), and http://ccross.msk.su, document the vulnerability but do not specify patches or detailed mitigation steps in the available information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-18945
Vulnerability details
Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized input buffer. Attackers can craft a malicious buffer with junk data, return address, NOP instructions, and shellcode to overflow the stack and achieve code execution or denial of service.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack-based buffer overflow with shellcode injection directly enables local arbitrary code execution for privilege escalation from unprivileged context.
Mitigating Controls (NIST 800-53 r5)
SI-2 requires identifying, reporting, and correcting system flaws like the stack-based buffer overflow in Mapscrn 2.0.3, directly eliminating the vulnerability through patching or remediation.
SI-10 enforces validation of information inputs to prevent oversized buffers from being processed, directly stopping the exploitation vector of CVE-2017-20226.
SI-16 implements memory protections such as stack canaries and non-executable stacks to block arbitrary code execution from stack overflows in Mapscrn.