CVE-2019-25476
Received Received - Intake
Buffer Overflow in Outlook Password Recovery 2.10 Causes DoS

Publication date: 2026-03-11

Last updated on: 2026-03-11

Assigner: VulnCheck

Description
Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the User Name and Registration Code field to trigger a denial of service condition.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-11
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-11
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25476
EUVD
EUVD-2019-19754
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
outlook_password_recovery outlook_password_recovery 2.10
top-password outlook_password_recovery to 2.10 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25476 is a buffer overflow vulnerability in Outlook Password Recovery version 2.10 and earlier. It occurs when a local attacker supplies an oversized payloadβ€”specifically, a malicious text file containing 6000 bytes of dataβ€”pasted into the User Name and Registration Code fields. This causes the application to crash due to improper handling of large input strings, resulting in a denial of service condition.

Impact Analysis

This vulnerability allows a local attacker to crash the Outlook Password Recovery application by triggering a buffer overflow with a specially crafted input. The impact is a denial of service, meaning the application becomes unstable and unusable until restarted. There is no direct compromise of confidentiality or integrity, but the availability of the software is severely affected.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the crash condition locally on the system running Outlook Password Recovery version 2.10.'}, {'type': 'paragraph', 'content': "A proof-of-concept involves creating a text file containing 6000 'A' characters and pasting its content into the User Name and Registration Code field of the application to trigger a denial of service."}, {'type': 'list_item', 'content': "Run a Python script to generate a file named 'Evil.txt' containing 6000 'A' characters."}, {'type': 'list_item', 'content': "Copy the contents of 'Evil.txt' to the clipboard."}, {'type': 'list_item', 'content': 'Open Outlook Password Recovery v2.10.'}, {'type': 'list_item', 'content': "Click the 'EnterKey' button."}, {'type': 'list_item', 'content': 'Paste the copied content into the User Name and Registration Code input field.'}, {'type': 'list_item', 'content': "Click 'OK' to observe if the application crashes, indicating the presence of the vulnerability."}] [1, 2]

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25476. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart