Vulnerability Description
UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 300-byte payload of repeated characters through the Properties dialog to trigger a denial of service condition.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://www.exploit-db.com/exploits/46703
- https://www.uvnc.com/
- https://www.uvnc.com/downloads/ultravnc/126-download-ultravnc-1224.html
- https://www.vulncheck.com/advisories/ultravnc-launcher-denial-of-service-buffer-
FAQ
What is CVE-2019-25601?
CVE-2019-25601 is a vulnerability with a CVSS score of 6.2 (MEDIUM). UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string...
How severe is CVE-2019-25601?
CVE-2019-25601 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-25601?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.