CVE-2019-25476
Received Received - Intake

Buffer Overflow in Outlook Password Recovery 2.10 Causes DoS

Vulnerability report for CVE-2019-25476, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-11

Last updated on: 2026-03-11

Assigner: VulnCheck

Description

Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the User Name and Registration Code field to trigger a denial of service condition.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-11
Last Modified
2026-03-11
Generated
2026-07-06
AI Q&A
2026-03-11
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
outlook_password_recovery outlook_password_recovery 2.10
top-password outlook_password_recovery to 2.10 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2019-25476 is a buffer overflow vulnerability in Outlook Password Recovery version 2.10 and earlier. It occurs when a local attacker supplies an oversized payloadβ€”specifically, a malicious text file containing 6000 bytes of dataβ€”pasted into the User Name and Registration Code fields. This causes the application to crash due to improper handling of large input strings, resulting in a denial of service condition.

Impact Analysis

This vulnerability allows a local attacker to crash the Outlook Password Recovery application by triggering a buffer overflow with a specially crafted input. The impact is a denial of service, meaning the application becomes unstable and unusable until restarted. There is no direct compromise of confidentiality or integrity, but the availability of the software is severely affected.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the crash condition locally on the system running Outlook Password Recovery version 2.10.'}, {'type': 'paragraph', 'content': "A proof-of-concept involves creating a text file containing 6000 'A' characters and pasting its content into the User Name and Registration Code field of the application to trigger a denial of service."}, {'type': 'list_item', 'content': "Run a Python script to generate a file named 'Evil.txt' containing 6000 'A' characters."}, {'type': 'list_item', 'content': "Copy the contents of 'Evil.txt' to the clipboard."}, {'type': 'list_item', 'content': 'Open Outlook Password Recovery v2.10.'}, {'type': 'list_item', 'content': "Click the 'EnterKey' button."}, {'type': 'list_item', 'content': 'Paste the copied content into the User Name and Registration Code input field.'}, {'type': 'list_item', 'content': "Click 'OK' to observe if the application crashes, indicating the presence of the vulnerability."}] [1, 2]

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25476. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart