Description
Remote Process Explorer 1.0.0.16 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by sending a crafted payload to the Add Computer dialog. Attackers can paste a malicious string into the computer name textbox and trigger a crash by connecting to the added computer, overwriting the SEH chain and corrupting exception handlers.
Published: 2026-04-05
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via local buffer overflow
Action: Immediate Patch
AI Analysis

Impact

Remote Process Explorer 1.0.0.16 contains a local buffer overflow that can be exploited by pasting a crafted string into the computer name textbox of the Add Computer dialog; the overflow corrupts the Structured Exception Handler chain and forces the application to crash when attempting a connection, causing a denial of service with no data compromise or remote code execution.

Affected Systems

The vulnerable product is Lizardsystems Remote Process Explorer version 1.0.0.16; no other versions are listed as affected.

Risk and Exploitability

The CVSS score of 6.9 marks this flaw as medium severity. EPSS is unavailable and the vulnerability is not in the CISA KEV catalog, implying limited current exploitation. The attack requires local access to the machine running the application, as the malicious payload is entered through a UI field. Because the effect is limited to an application crash, the impact is confined to availability of that specific instance of Remote Process Explorer.

Generated by OpenCVE AI on April 5, 2026 at 23:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply vendor patch or upgrade to a version of Remote Process Explorer that addresses the buffer overflow.
  • If no patch is available, disable or restrict access to the Add Computer feature until a fix is released.
  • Monitor application logs for crash events and ensure the application is restarted promptly.
  • Restrict local user permissions to prevent unauthorized use of the application.

Generated by OpenCVE AI on April 5, 2026 at 23:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Lizardsystems
Lizardsystems remote Process Explorer
Vendors & Products Lizardsystems
Lizardsystems remote Process Explorer

Mon, 06 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 05 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
Description Remote Process Explorer 1.0.0.16 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by sending a crafted payload to the Add Computer dialog. Attackers can paste a malicious string into the computer name textbox and trigger a crash by connecting to the added computer, overwriting the SEH chain and corrupting exception handlers.
Title Remote Process Explorer 1.0.0.16 Local Buffer Overflow DoS
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Lizardsystems Remote Process Explorer
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T16:12:30.667Z

Reserved: 2026-04-05T12:47:04.305Z

Link: CVE-2019-25661

cve-icon Vulnrichment

Updated: 2026-04-06T16:12:16.553Z

cve-icon NVD

Status : Deferred

Published: 2026-04-05T21:16:43.050

Modified: 2026-04-16T16:15:56.380

Link: CVE-2019-25661

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-06T21:56:16Z

Weaknesses