Description
PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Group field. Attackers can paste a buffer overflow payload into the Group property field and click Ok to trigger an application crash.
Published: 2026-03-21
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

PCHelpWareV2 version 1.0.0.5 contains a buffer overflow in the Group field. By entering an excessively long string in that field and clicking the OK button, a local attacker can cause the application to crash, interrupting normal use. The vulnerability does not mention code execution or data disclosure. The crash is confined to the local application process and does not propagate to other system components.

Affected Systems

The affected products are Uvnc PCHelpWareV2 1.0.0.5 and the Uvnc UltraVNC component with the same build number. No other releases are identified as vulnerable.

Risk and Exploitability

The CVSS score of 6.8 indicates moderate severity. An EPSS score below 1% suggests a low probability of widespread exploitation, and the vulnerability is not included in the CISA KEV catalog. The description requires the attacker to manually supply a long string in the Group field and trigger the crash locally, so the attack vector is local. Remote exploitation is not feasible without direct local interaction. The relevant weakness is a classic buffer overflow (CWE-787).

Generated by OpenCVE AI on March 24, 2026 at 22:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑supplied patch or newer version that addresses the Group field overflow.
  • If no patch is available, uninstall or disable the application on systems where it is not required.
  • Restrict local user privileges on machines running the application to prevent untrusted users from manipulating the Group field.
  • Configure monitoring or logging to detect repeated attempts to enter overly long values and alert when the application crashes.

Generated by OpenCVE AI on March 24, 2026 at 22:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:uvnc:pchelpwarev2:1.0.0.5:*:*:*:*:*:*:*

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Uvnc pchelpwarev2
Vendors & Products Uvnc pchelpwarev2

Sat, 21 Mar 2026 13:00:00 +0000

Type Values Removed Values Added
Description PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Group field. Attackers can paste a buffer overflow payload into the Group property field and click Ok to trigger an application crash.
Title PCHelpWareV2 1.0.0.5 Denial of Service via Group Field
First Time appeared Uvnc
Uvnc ultravnc
Weaknesses CWE-787
CPEs cpe:2.3:a:uvnc:ultravnc:1.0.0.5:*:*:*:*:*:*:*
Vendors & Products Uvnc
Uvnc ultravnc
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Uvnc Pchelpwarev2 Ultravnc
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-24T15:15:22.499Z

Reserved: 2026-03-21T12:31:58.383Z

Link: CVE-2019-25564

cve-icon Vulnrichment

Updated: 2026-03-24T14:01:24.976Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-21T13:16:19.710

Modified: 2026-03-24T20:43:35.103

Link: CVE-2019-25564

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:47:19Z

Weaknesses