UltraVNC Launcher Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in UltraVNC Launcher version 1.2.4.0. It allows local attackers to crash the application through the password field of the launcher's configuration properties. Pasting an excessively long string of 300 characters into the password field triggers an application crash, disrupting normal launcher functionality.
Impact
Exploitation of this vulnerability leads to a crash of the UltraVNC Launcher application, causing a denial-of-service condition where the application becomes unresponsive or unavailable for use.
Reproduction
To reproduce this vulnerability, first create a text file containing a 300-character string of repeated 'A' characters. Then open UltraVNC Launcher and navigate to the 'Properties' section. Paste the clipboard content containing the 300-character string into the 'Password' field. Click 'OK', then reopen the 'Properties' menu; the application crashes.
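The crash appears only when 'Properties' is reopened, so a fix has to bound the value both when it is saved and when it is read back. The following is an added example, not UltraVNC code: the advisory does not state the root cause, and the fixed-size field, the PW_FIELD_MAX value and the function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define PW_FIELD_MAX 64   /* hypothetical capacity; the advisory gives no real limit */

struct launcher_props {
    char password[PW_FIELD_MAX + 1];   /* always NUL-terminated */
};

/* Save path ("OK" in Properties): reject input that does not fit rather
   than copying it. Returns 0 on success, -1 if rejected. */
int props_set_password(struct launcher_props *p, const char *input)
{
    if (p == NULL || input == NULL)
        return -1;
    /* memchr stops at the first NUL and scans at most PW_FIELD_MAX + 1 bytes */
    if (memchr(input, '\0', PW_FIELD_MAX + 1) == NULL)
        return -1;                      /* too long: previous value is kept */
    strcpy(p->password, input);         /* length was checked above */
    return 0;
}

/* Load path (reopening Properties): the stored bytes may predate the check
   above, so bound this read too. Returns the length copied to out, or -1
   (with out emptied) if the value is unterminated or does not fit. */
int props_load_password(const char *stored, size_t stored_len,
                        char *out, size_t out_size)
{
    if (stored == NULL || out == NULL || out_size == 0)
        return -1;
    const char *end = memchr(stored, '\0', stored_len);
    if (end == NULL || (size_t)(end - stored) >= out_size) {
        out[0] = '\0';                  /* show an empty field instead */
        return -1;
    }
    memcpy(out, stored, (size_t)(end - stored) + 1);
    return (int)(end - stored);
}

int main(void)
{
    struct launcher_props props = { "" };
    char pasted[301], field[PW_FIELD_MAX + 1];
    memset(pasted, 'A', 300);           /* constructed input: the 300-char paste */
    pasted[300] = '\0';
    printf("save: %d\n", props_set_password(&props, pasted));
    printf("load: %d\n", props_load_password(pasted, sizeof pasted, field, sizeof field));
    return 0;
}
```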
