CVE-2019-25463
Received Received - Intake
Buffer Overflow in SpotIE 2.9.5 Causes Local Denial of Service

Publication date: 2026-03-11

Last updated on: 2026-03-11

Assigner: VulnCheck

Description
SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 256-character payload into the Key field during registration to trigger a buffer overflow and crash the application.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-11
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-11
EPSS Evaluated
2026-06-14
NVD
CVE-2019-25463
EUVD
EUVD-2019-19734
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
spotie internet_explorer_password_recovery 2.9.5
spotie internet_explorer_password_recovery to 2.9.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25463 is a denial of service (DoS) vulnerability in SpotIE Internet Explorer Password Recovery version 2.9.5 and earlier. It occurs due to a buffer overflow caused by an out-of-bounds write in the registration key input field.

Local attackers can exploit this vulnerability by pasting an excessively long stringβ€”specifically a 256-character payloadβ€”into the Key field during registration. This triggers the buffer overflow and causes the application to crash.

Impact Analysis

This vulnerability allows local attackers to crash the SpotIE Internet Explorer Password Recovery application by supplying a specially crafted input in the registration key field.

The impact is a denial of service condition where legitimate users are unable to use the application because it becomes unresponsive or terminates unexpectedly.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition on the SpotIE Internet Explorer Password Recovery application version 2.9.5 or earlier.'}, {'type': 'list_item', 'content': 'Create a file containing a 256-character string (e.g., 256 repetitions of the character "E").'}, {'type': 'list_item', 'content': 'Copy the content of this file to the clipboard.'}, {'type': 'list_item', 'content': 'Launch the SpotIE application and navigate to the Register menu.'}, {'type': 'list_item', 'content': 'Paste the clipboard content into the "Key:" field and confirm by clicking OK.'}, {'type': 'paragraph', 'content': 'If the application crashes or becomes unresponsive, the vulnerability is present.'}, {'type': 'paragraph', 'content': 'A Perl script can be used to automate the creation of the malicious payload file with the command: `perl SpotIE.pl`.'}] [2]

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25463. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart