Description
UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 300-byte payload of repeated characters through the Properties dialog to trigger a denial of service condition.
Published: 2026-03-22
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

UltraVNC Launcher 1.2.2.4 contains a buffer overflow in the Path vncviewer.exe property field that lets a local attacker crash the application by entering an overly long string, resulting in a denial of service for legitimate users.

Affected Systems

The vulnerable product is UltraVNC Launcher version 1.2.2.4 from the Uvnc vendor.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, and the EPSS value is unavailable; the vulnerability is not listed in the KEV catalog. The exploit requires local user access and a crafted input via the Properties dialog, so its potential impact is limited to systems where an attacker can run the application locally and supply the attack payload.

Generated by OpenCVE AI on March 22, 2026 at 14:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade UltraVNC Launcher to a version later than 1.2.2.4 if an update is available.
  • If no update exists, uninstall the vulnerable application.
  • Restrict local user permissions to prevent unauthorized input into the Properties dialog.
  • Monitor application logs for unexpected crashes and apply future security patches as released.

Generated by OpenCVE AI on March 22, 2026 at 14:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 23 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Uvnc
Uvnc ultravnc Launcher
Vendors & Products Uvnc
Uvnc ultravnc Launcher

Sun, 22 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 300-byte payload of repeated characters through the Properties dialog to trigger a denial of service condition.
Title UltraVNC Launcher 1.2.2.4 Denial of Service Buffer Overflow
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Uvnc Ultravnc Launcher
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T16:16:48.472Z

Reserved: 2026-03-22T12:59:45.501Z

Link: CVE-2019-25601

cve-icon Vulnrichment

Updated: 2026-03-23T16:16:44.718Z

cve-icon NVD

Status : Deferred

Published: 2026-03-22T14:16:27.530

Modified: 2026-04-16T16:19:50.757

Link: CVE-2019-25601

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:46:15Z

Weaknesses