Vulnerabilities ›

CVE-2018-25360

High

CWE-121 — Weakness Type

                    Published: May 25, 2026                      ·  Modified: Jun 1, 2026                      ·  Source: NVD                

CVSS v3

8.4

🔗 NVD Official

📄 Description (English)

AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious ping.txt file with shellcode and jump instructions that overwrite the SEH handler pointer to achieve code execution when the file contents are pasted into the application.

🤖 AI Executive Summary

CVE-2018-25360 is a stack-based buffer overflow vulnerability in AgataSoft Auto PingMaster 1.5 affecting the Trace Route hostname field. Attackers can exploit this via crafted ping.txt files to execute arbitrary code through SEH handler manipulation. With a CVSS score of 8.4 and no available patch, this poses a significant risk to organizations using this legacy network diagnostic tool.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 28, 2026 23:32

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily affects Saudi government IT departments, telecommunications operators (STC), and smaller enterprises that may still use legacy network diagnostic tools. Government agencies under NCA oversight and ARAMCO's IT infrastructure are at moderate risk if Auto PingMaster is deployed. The local attack vector limits exposure, but organizations with shared workstations or weak access controls face elevated risk. Banking sector impact is minimal unless used in isolated network segments.

🏢 Affected Saudi Sectors

Government Telecommunications Energy Education Healthcare Small/Medium Enterprises

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1055 - Process Injection T1574 - Hijack Execution Flow T1547 - Boot or Logon Autostart Execution T1566 - Phishing

⚖️ Saudi Risk Score (AI)

6.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Inventory all systems running AgataSoft Auto PingMaster 1.5 and document usage across the organization

2. Restrict file access permissions to ping.txt files and implement strict input validation

3. Disable or uninstall Auto PingMaster 1.5 if alternative network diagnostic tools are available

4. Implement application whitelisting to prevent execution of untrusted ping.txt files



Compensating Controls:

1. Deploy Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) on affected systems

2. Run the application with minimal user privileges and disable SEH-based exploits where possible

3. Monitor for suspicious ping.txt file creation and modification in user directories

4. Implement file integrity monitoring on application directories



Detection Rules:

1. Alert on ping.txt files exceeding 1KB in size or containing binary/shellcode patterns

2. Monitor for abnormal process termination or exception handling in Auto PingMaster processes

3. Track unauthorized modifications to SEH handler pointers via kernel debugging tools

4. Log all instances of ping.txt file access and paste operations within the application

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. حصر جميع الأنظمة التي تقوم بتشغيل AgataSoft Auto PingMaster 1.5 وتوثيق الاستخدام عبر المنظمة

2. تقييد أذونات الوصول إلى ملفات ping.txt وتطبيق التحقق الصارم من المدخلات

3. تعطيل أو إلغاء تثبيت Auto PingMaster 1.5 إذا كانت أدوات تشخيصية شبكية بديلة متاحة

4. تطبيق قائمة بيضاء للتطبيقات لمنع تنفيذ ملفات ping.txt غير الموثوقة

الضوابط التعويضية:

1. نشر Data Execution Prevention (DEP) و Address Space Layout Randomization (ASLR) على الأنظمة المتأثرة

2. تشغيل التطبيق بأقل امتيازات للمستخدم وتعطيل الاستغلالات القائمة على SEH حيثما أمكن

3. مراقبة إنشاء وتعديل ملفات ping.txt المريبة في دلائل المستخدم

4. تطبيق مراقبة سلامة الملفات على دلائل التطبيقات

قواعد الكشف:

1. تنبيه على ملفات ping.txt التي تتجاوز 1KB أو تحتوي على أنماط ثنائية/shellcode

2. مراقبة إنهاء العملية غير الطبيعي أو معالجة الاستثناءات في عمليات Auto PingMaster

3. تتبع التعديلات غير المصرح بها على مؤشرات معالج SEH عبر أدوات تصحيح النواة

4. تسجيل جميع حالات الوصول إلى ملفات ping.txt وعمليات اللصق داخل التطبيق

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.5.1.1 - Information Security Policies and Procedures ECC 2024 A.8.1.1 - User Endpoint Devices ECC 2024 A.8.2.1 - Privileged Access Rights ECC 2024 A.8.3.1 - Access Control Implementation

🔵 SAMA CSF

SAMA CSF ID.AM-2 - Software Inventory and Management SAMA CSF PR.AC-1 - Access Control Policy SAMA CSF PR.PT-1 - Security Awareness and Training SAMA CSF DE.CM-1 - System Monitoring

🟡 ISO 27001:2022

ISO 27001:2022 A.5.1 - Policies for Information Security ISO 27001:2022 A.8.1 - User Endpoint Devices ISO 27001:2022 A.8.2 - Privileged Access Rights ISO 27001:2022 A.8.3 - Information Access Restriction

🔗 References & Sources 3

🔗

http://agatasoft.com/

disclosure@vulncheck.com

🔗

https://www.exploit-db.com/exploits/45151

disclosure@vulncheck.com

🔗

https://www.vulncheck.com/advisories/agatasoft-auto-pingmaster-buffer-overflow-seh

disclosure@vulncheck.com

📊 CVSS Score

8.4

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score8.4

CWECWE-121

EPSS0.01%

Exploit No

Patch ✗ No

Published 2026-05-25

Source Feed nvd

🇸🇦 Saudi Risk Score

6.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-121

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2018-25360

Introduce Yourself

Sign In Required