UltraVNC Launcher Buffer Overflow Vulnerability Leading to Denial-of-Service
Vulnerability
A buffer overflow vulnerability has been identified in UltraVNC Launcher version 1.2.2.4. The issue is in the 'Path vncviewer.exe' property field: a local attacker can crash the application by entering an excessively long string. Entering a 300-byte payload of repeated characters through the Properties dialog triggers the denial-of-service condition.
Impact
Exploitation of this vulnerability causes the application to crash, leading to a denial-of-service condition.
Reproduction
To reproduce the vulnerability, open UltraVNC Launcher and navigate to the Properties dialog. In the 'Path vncviewer.exe' field, paste a 300-byte payload of repeated characters. After clicking 'OK', the application crashes.
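The page does not show the affected code. The following C example is added here for illustration and is not UltraVNC's source: it contrasts an unchecked copy of a dialog text field into a fixed-size buffer with a handler that rejects over-long input instead of copying or truncating it. The struct, the function names and the 260-byte capacity are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Assumed capacity of the stored path; 260 matches Windows MAX_PATH.
   The real buffer size in UltraVNC Launcher is not given on the page. */
#define VIEWER_PATH_CAP 260

enum path_status { PATH_OK = 0, PATH_EMPTY, PATH_TOO_LONG, PATH_BAD_ARG };

struct launcher_props { char viewer_path[VIEWER_PATH_CAP]; }; /* hypothetical */

/* Unsafe pattern, shown for contrast and never called here: it copies
   whatever the dialog returned, so longer input writes past the buffer. */
void set_viewer_path_unchecked(struct launcher_props *p, const char *input)
{
    strcpy(p->viewer_path, input);
}

/* Hardened form: bounded length check, reject rather than truncate,
   and leave the stored value untouched on any failure. */
enum path_status set_viewer_path(struct launcher_props *p, const char *input)
{
    if (p == NULL || input == NULL)
        return PATH_BAD_ARG;
    /* Look for the terminator within the first VIEWER_PATH_CAP bytes only. */
    const char *nul = memchr(input, '\0', VIEWER_PATH_CAP);
    if (nul == NULL)                 /* no room for text plus terminator */
        return PATH_TOO_LONG;
    if (nul == input)
        return PATH_EMPTY;
    memcpy(p->viewer_path, input, (size_t)(nul - input) + 1);
    return PATH_OK;
}

int main(void)
{
    struct launcher_props p = { "" };
    char payload[301];               /* constructed 300-byte test input */
    memset(payload, 'A', 300);
    payload[300] = '\0';
    printf("300-byte input -> status %d\n", set_viewer_path(&p, payload));
    return 0;
}
```

Rejecting the value, rather than silently truncating it, also avoids storing a path that points somewhere the user did not intend.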
