CVE-2018-25213
Published: 26 March 2026
Summary
CVE-2018-25213 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Nsasoft Nsauditor. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 15.7th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2018-25213 is a structured exception handling (SEH) buffer overflow vulnerability (CWE-787) in Nsauditor version 3.0.28.0. The flaw resides in the DNS Lookup tool, where insufficient bounds checking on user-supplied input leads to a buffer overflow. This affects the Windows application Nsauditor, a network security auditing tool, with a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for complete system compromise.
Local attackers can exploit this vulnerability by crafting malicious input for the DNS Query field in the DNS Lookup tool. By overwriting the SEH chain and injecting shellcode, attackers achieve arbitrary code execution with the privileges of the running Nsauditor application. No user privileges or special access beyond local system presence are required, and exploitation requires low complexity with no user interaction.
Advisories and related resources, including an exploit proof-of-concept, are available at http://www.nsauditor.com, http://www.nsauditor.com/downloads/nsauditor_setup.exe, https://www.exploit-db.com/exploits/46005, and https://www.vulncheck.com/advisories/nsauditor-local-seh-buffer-overflow. No specific patches or mitigations are detailed in the provided references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-21684
Vulnerability details
Nsauditor 3.0.28.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input to the DNS Lookup tool. Attackers can craft a payload with SEH chain overwrite and inject shellcode through the DNS Query field to achieve code execution with application privileges.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local SEH buffer overflow enables arbitrary code execution within the Nsauditor process, directly mapping to exploitation for privilege escalation or code execution on the host.
Mitigating Controls (NIST 800-53 r5)
SI-10 requires validation of user-supplied inputs to prevent buffer overflows like the one in the DNS Query field.
SI-16 implements memory protections such as DEP and ASLR to block SEH chain overwrites and shellcode execution from buffer overflows.
SI-11 ensures secure error and exception handling to mitigate exploitation via structured exception handling vulnerabilities.