CVE-2020-37075
LanSend · LanSend
LanSend 3.2 contains a buffer overflow in its file import functionality, allowing remote attackers to execute arbitrary code through a crafted payload file that triggers an SEH overwrite.
Executive summary
LanSend 3.2 is susceptible to a critical buffer overflow vulnerability that enables Remote Code Execution (RCE) when a malicious file is processed during a computer import operation.
Vulnerability
The vulnerability is located in the "Add Computers Wizard" file import feature. An attacker can craft a malicious file that, when imported by a user, overwrites a Structured Exception Handler (SEH) record on the stack and executes arbitrary shellcode on the system.
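As an added illustration of the bug class described above (not LanSend's code; the one-hostname-per-line import format and the 64-byte record buffer are assumptions), a bounded record parser that rejects over-long entries instead of copying them into a fixed stack buffer:

```c
/* Hypothetical bounded parser for a one-hostname-per-line "computer list"
 * file, added as an illustration; not LanSend's code, format assumed. */
#include <string.h>
/* The bug class on this page is an unbounded copy of a file record into a
 * fixed stack buffer like this one (e.g. strcpy(name, record)); a record
 * longer than the buffer overruns the stack, where on 32-bit Windows the
 * SEH registration record lives. Here the length is checked first. */
int import_record_safe(const char *record, size_t record_len)
{
    char name[64];  /* per-record buffer size is an assumption */
    if (record_len == 0 || record_len >= sizeof name)
        return -1;  /* reject: empty, or no room for the terminator */
    memcpy(name, record, record_len);
    name[record_len] = '\0';
    return (int)record_len;  /* accepted */
}

/* Walk an import buffer line by line (LF or CRLF). Returns the number of
 * rejected records and reports accepted ones via *accepted, so a caller
 * can refuse the whole file if any record is malformed. */
int import_file_safe(const char *data, size_t len, int *accepted)
{
    int rejected = 0;
    size_t start = 0;
    *accepted = 0;
    for (size_t i = 0; i <= len; i++) {
        if (i < len && data[i] != '\n') continue;  /* not at record end */
        size_t rec_len = i - start;
        if (rec_len > 0 && data[start + rec_len - 1] == '\r')
            rec_len--;                      /* strip the CR of a CRLF line */
        if (rec_len > 0 && import_record_safe(data + start, rec_len) < 0)
            rejected++;
        else if (rec_len > 0)
            (*accepted)++;
        start = i + 1;
    }
    return rejected;
}

/* Constructed sample: two valid hostnames around one 100-byte record that
 * the 64-byte buffer cannot hold. Returns the rejected count. */
int demo_rejected_count(int *accepted)
{
    static char sample[128];
    size_t n = 0;
    memcpy(sample + n, "pc-01\r\n", 7);  n += 7;
    memset(sample + n, 'A', 100);        n += 100;  /* oversized record */
    memcpy(sample + n, "\npc-02\n", 7);  n += 7;
    return import_file_safe(sample, n, accepted);
}
```

The same check applied at the file boundary (reject the whole file on any malformed record) is the cheapest place to stop a crafted import before it reaches any fixed-size buffer.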
Business impact
The CVSS score of 9.8 indicates a critical risk level. Successful exploitation allows an attacker to take complete control of the local system. In a corporate environment, this could lead to the compromise of administrative accounts and subsequent lateral movement across the network, as LanSend is typically used for network administration.
Remediation
Immediate Action: Update LanSend to the latest version immediately. Discontinue use of the file import feature until the software has been patched.
Proactive Monitoring: Review endpoint security logs for any suspicious activity triggered by the LanSend process, particularly during administrative tasks.
Compensating Controls: Use application whitelisting and ensure that administrative tools are run in a restricted environment with limited privileges whenever possible.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The most effective mitigation is applying the vendor's patch. Organizations should also enforce strict policies regarding the source of administrative data files and consider using sandboxed environments for performing bulk import operations to contain potential exploits.