{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25601", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-22T12:59:45.501Z", "datePublished": "2026-03-22T13:38:37.511Z", "dateUpdated": "2026-03-23T16:16:48.472Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:37.511Z"}, "datePublic": "2019-04-14T00:00:00.000Z", "title": "UltraVNC Launcher 1.2.2.4 Denial of Service Buffer Overflow", "descriptions": [{"lang": "en", "value": "UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 300-byte payload of repeated characters through the Properties dialog to trigger a denial of service condition."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "Uvnc", "product": "UltraVNC Launcher", "versions": [{"version": "1.2.2.4", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46703", "name": "ExploitDB-46703", "tags": ["exploit"]}, {"url": "https://www.uvnc.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.uvnc.com/downloads/ultravnc/126-download-ultravnc-1224.html", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: UltraVNC Launcher 1.2.2.4 Denial of Service Buffer Overflow", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/ultravnc-launcher-denial-of-service-buffer-overflow"}], "credits": [{"lang": "en", "value": "Victor Mondrag\u00f3n", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T16:16:39.738568Z", "id": "CVE-2019-25601", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:16:48.472Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25601", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T16:16:39.738568Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:16:44.718Z"}}], "cna": {"title": "UltraVNC Launcher 1.2.2.4 Denial of Service Buffer Overflow", "credits": [{"lang": "en", "type": "finder", "value": "Victor Mondrag\u00f3n"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Uvnc", "product": "UltraVNC Launcher", "versions": [{"status": "affected", "version": "1.2.2.4"}]}], "datePublic": "2019-04-14T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46703", "name": "ExploitDB-46703", "tags": ["exploit"]}, {"url": "https://www.uvnc.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.uvnc.com/downloads/ultravnc/126-download-ultravnc-1224.html", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/ultravnc-launcher-denial-of-service-buffer-overflow", "name": "VulnCheck Advisory: UltraVNC Launcher 1.2.2.4 Denial of Service Buffer Overflow", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 300-byte payload of repeated characters through the Properties dialog to trigger a denial of service condition."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:37.511Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25601", "state": "PUBLISHED", "dateUpdated": "2026-03-23T16:16:48.472Z", "dateReserved": "2026-03-22T12:59:45.501Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-22T13:38:37.511Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 300-byte payload of repeated characters through the Properties dialog to trigger a denial of service condition."}, {"lang": "es", "value": "UltraVNC Launcher 1.2.2.4 contiene una vulnerabilidad de desbordamiento de b\u00fafer en el campo de propiedad Path vncviewer.exe que permite a atacantes locales colapsar la aplicaci\u00f3n al proporcionar una cadena excesivamente larga. Los atacantes pueden introducir una carga \u00fatil de 300 bytes de caracteres repetidos a trav\u00e9s del di\u00e1logo de Propiedades para desencadenar una condici\u00f3n de denegaci\u00f3n de servicio."}], "id": "CVE-2019-25601", "lastModified": "2026-04-16T16:19:50.757", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-22T14:16:27.530", "references": [{"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/46703"}, {"source": "disclosure@vulncheck.com", "url": "https://www.uvnc.com/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.uvnc.com/downloads/ultravnc/126-download-ultravnc-1224.html"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/ultravnc-launcher-denial-of-service-buffer-overflow"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.2.2.4"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "UltraVNC Launcher", "source": "cna", "vendor": "Uvnc"}, "product": "ultravnc_launcher", "vendor": "uvnc"}], "analysis": {"en": {"generated_at": "2026-03-22T14:41:25.713189+00:00", "value": {"mitigation_remediation": ["Upgrade UltraVNC Launcher to a version later than 1.2.2.4 if an update is available.", "If no update exists, uninstall the vulnerable application.", "Restrict local user permissions to prevent unauthorized input into the Properties dialog.", "Monitor application logs for unexpected crashes and apply future security patches as released."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerable product is UltraVNC Launcher version 1.2.2.4 from the Uvnc vendor.", "description_and_impact": "UltraVNC Launcher 1.2.2.4 contains a buffer overflow in the Path vncviewer.exe property field that lets a local attacker crash the application by entering an overly long string, resulting in a denial of service for legitimate users.", "risk_and_exploitability": "The CVSS score of 6.9 indicates moderate severity, and the EPSS value is unavailable; the vulnerability is not listed in the KEV catalog. The exploit requires local user access and a crafted input via the Properties dialog, so its potential impact is limited to systems where an attacker can run the application locally and supply the attack payload."}}}}, "created": "2026-03-23T09:46:18.295130+00:00", "updated": "2026-03-25T14:46:15.809917+00:00", "vendors": ["uvnc", "uvnc$PRODUCT$ultravnc_launcher"]}