CVE-2019-25469
Buffer Overflow in Folder Lock 7.7.9 Causes Local DoS
Publication date: 2026-03-11
Last updated on: 2026-03-11
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| folder_lock | folder_lock | 7.7.9 |
| folder_lock | folder_lock | to 7.7.9 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2019-25469 is a buffer overflow vulnerability in Folder Lock version 7.7.9. It occurs in the serial number registration field where local attackers can input an oversized payload, specifically a 6000-byte buffer of arbitrary data, causing the application to crash.'}, {'type': 'paragraph', 'content': "The vulnerability is triggered by pasting a very large string into the 'Serial Number and Registration Key' field, which overflows the buffer and leads to a denial of service condition."}] [1, 2]
How can this vulnerability impact me? :
This vulnerability can cause Folder Lock to crash, resulting in a denial of service (DoS) condition. An attacker with local access can exploit this by submitting a large payload to the serial number registration field, making the application unresponsive or unusable.
Since the attack requires local access and no special privileges or user interaction, it mainly impacts availability of the application rather than confidentiality or integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability can be detected by attempting to reproduce the buffer overflow condition in Folder Lock version 7.7.9. The detection involves creating a specially crafted payload of 6000 characters and pasting it into the 'Serial Number and Registration Key' field of the application to observe if it crashes."}, {'type': 'list_item', 'content': "Run the provided Python script (Folder_Lock.py) from the exploit to generate a file named 'Evil.txt' containing 6000 'A' characters."}, {'type': 'list_item', 'content': "Open 'Evil.txt' and copy its contents to the clipboard."}, {'type': 'list_item', 'content': "Launch Folder Lock and navigate to the 'Enter Key' section."}, {'type': 'list_item', 'content': "Paste the copied content into the 'Serial Number and Registration Key' input field."}, {'type': 'list_item', 'content': "Click 'Submit' and observe if the application crashes, indicating the presence of the vulnerability."}] [1]
What immediate steps should I take to mitigate this vulnerability?
I don't know