Description
Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the User Name and Registration Code field to trigger a denial of service condition.
Published: 2026-03-11
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (Local)
Action: Patch Now
AI Analysis

Impact

Outlook Password Recovery 2.10 contains a buffer overflow that lets a local attacker crash the application by supplying an oversized payload. Pasting the contents of a 6000-byte text file into the User Name and Registration Code field triggers the crash. The weakness is classified as CWE-787 (out-of-bounds write), and the impact is a local denial of service.

Affected Systems

The affected product is Top-Password's Outlook Password Recovery, specifically version 2.10. No additional versions are listed in the CNA data, so the vulnerability is tied to the 2.10 release.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The attack vector appears to be local, as the attacker must supply a crafted file to a user running the application. Because the exploit requires user interaction and local access, the overall risk to a network or remote attacker is low, but any compromised workstation could be brought down locally.

Generated by OpenCVE AI on March 17, 2026 at 14:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Outlook Password Recovery to a patched version if available from Top-Password.
  • If a patch is not available, uninstall or disable the application until a fix is released.
  • Monitor the vendor’s website and security advisories for update releases and apply any new patches promptly.
  • Restrict user privileges to limit the impact of the application crash (e.g., run the tool as a standard user).

Advisories

No advisories yet.

History

Thu, 12 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Top Password Software; Top Password Software outlook Password Recovery
Vendors & Products | | Top Password Software; Top Password Software outlook Password Recovery

Wed, 11 Mar 2026 20:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 11 Mar 2026 18:45:00 +0000

Type | Values Removed | Values Added
Description | | Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the User Name and Registration Code field to trigger a denial of service condition.
Title | | Outlook Password Recovery 2.10 Denial of Service Buffer Overflow
Weaknesses | | CWE-787
References | |
Metrics | | cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
 | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-11T19:31:01.740Z

Reserved: 2026-02-23T12:12:48.111Z

Link: CVE-2019-25476

Vulnrichment

Updated: 2026-03-11T19:22:46.635Z

NVD

Status: Awaiting Analysis

Published: 2026-03-11T19:16:01.603

Modified: 2026-03-12T21:08:22.643

Link: CVE-2019-25476

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:29:44Z

Weaknesses