CVE-2019-25476
Buffer Overflow in Outlook Password Recovery 2.10 Causes DoS
Publication date: 2026-03-11
Last updated on: 2026-03-11
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| outlook_password_recovery | outlook_password_recovery | 2.10 |
| top-password | outlook_password_recovery | to 2.10 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25476 is a buffer overflow vulnerability in Outlook Password Recovery version 2.10 and earlier. It occurs when a local attacker supplies an oversized payloadβspecifically, a malicious text file containing 6000 bytes of dataβpasted into the User Name and Registration Code fields. This causes the application to crash due to improper handling of large input strings, resulting in a denial of service condition.
How can this vulnerability impact me? :
This vulnerability allows a local attacker to crash the Outlook Password Recovery application by triggering a buffer overflow with a specially crafted input. The impact is a denial of service, meaning the application becomes unstable and unusable until restarted. There is no direct compromise of confidentiality or integrity, but the availability of the software is severely affected.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the crash condition locally on the system running Outlook Password Recovery version 2.10.'}, {'type': 'paragraph', 'content': "A proof-of-concept involves creating a text file containing 6000 'A' characters and pasting its content into the User Name and Registration Code field of the application to trigger a denial of service."}, {'type': 'list_item', 'content': "Run a Python script to generate a file named 'Evil.txt' containing 6000 'A' characters."}, {'type': 'list_item', 'content': "Copy the contents of 'Evil.txt' to the clipboard."}, {'type': 'list_item', 'content': 'Open Outlook Password Recovery v2.10.'}, {'type': 'list_item', 'content': "Click the 'EnterKey' button."}, {'type': 'list_item', 'content': 'Paste the copied content into the User Name and Registration Code input field.'}, {'type': 'list_item', 'content': "Click 'OK' to observe if the application crashes, indicating the presence of the vulnerability."}] [1, 2]
What immediate steps should I take to mitigate this vulnerability?
I don't know