Cyber Resilience

CVE-2017-20226

HighPublic PoC

Published: 28 March 2026

Published
28 March 2026
Modified
01 May 2026
KEV Added
Patch
CVSS Score v4 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0015 4.5th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2017-20226 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Msk (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2017-20226 is a stack-based buffer overflow vulnerability (CWE-787) in Mapscrn version 2.0.3. The issue arises when the software processes an oversized input buffer, overwriting the stack and enabling potential control over execution flow.

Local attackers, requiring only unprivileged access to the system (AV:L/AC:L/PR:N/UI:N/S:U), can exploit this by supplying a crafted malicious buffer filled with junk data, a controlled return address, NOP instructions, and shellcode. Successful exploitation grants arbitrary code execution or denial of service, with a CVSS v3.1 base score of 8.4 reflecting high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).

Advisories and references, including those from VulnCheck (https://www.vulncheck.com/advisories/mapscrn-stack-based-buffer-overflow), an Exploit-DB proof-of-concept (https://www.exploit-db.com/exploits/42144), and http://ccross.msk.su, document the vulnerability but do not specify patches or detailed mitigation steps in the available information.

EU & UK References

Vulnerability details

Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized input buffer. Attackers can craft a malicious buffer with junk data, return address, NOP instructions, and shellcode to overflow the…

more

stack and achieve code execution or denial of service.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Stack-based buffer overflow with shellcode injection directly enables local arbitrary code execution for privilege escalation from unprivileged context.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2016-20044Shared CWE-787
CVE-2026-23326Shared CWE-787
CVE-2024-43077Shared CWE-787
CVE-2024-53697Shared CWE-787
CVE-2025-20890Shared CWE-787
CVE-2026-23073Shared CWE-787
CVE-2025-20708Shared CWE-787
CVE-2025-1471Shared CWE-787
CVE-2024-35273Shared CWE-787
CVE-2022-49062Shared CWE-787

Affected Assets

Msk
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 requires identifying, reporting, and correcting system flaws like the stack-based buffer overflow in Mapscrn 2.0.3, directly eliminating the vulnerability through patching or remediation.

prevent

SI-10 enforces validation of information inputs to prevent oversized buffers from being processed, directly stopping the exploitation vector of CVE-2017-20226.

prevent

SI-16 implements memory protections such as stack canaries and non-executable stacks to block arbitrary code execution from stack overflows in Mapscrn.

References