Primary

Context

Microsoft VPN Browser+ Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Microsoft VPN Browser+ version 1.1.0.0. This vulnerability allows unauthenticated attackers to crash the application by sending oversized input through the search feature. By pasting a large buffer of characters into the search bar, attackers can trigger an unhandled exception that causes the application to terminate.

Impact

Exploitation of this vulnerability leads to a crash of the application, causing a denial-of-service condition.

Reproduction

To reproduce this vulnerability, paste a large buffer of characters, approximately 5800 bytes, into the search bar of VPN Browser+ version 1.1.0.0. When the search is initiated, the application will crash due to an unhandled exception caused by the oversized input.

Added: Apr 4, 2026, 2:23 PM

Updated: Apr 4, 2026, 2:23 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

4.6

remediation

0.0

relevance

5.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

4.6

remediation

0.0

relevance

5.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft VPN Browser+ Denial-of-Service Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating