CVE-2019-25545
Local Buffer Overflow in Terminal Services Manager 3.2.1 Causes DoS
Publication date: 2026-03-21
Last updated on: 2026-04-16
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lizardsystems | terminal_services_manager | 3.2.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25545 is a local buffer overflow vulnerability in Terminal Services Manager version 3.2.1. It occurs when an attacker inputs an excessively long string (specifically, a 5000-byte buffer) into the "Computer name or IP address" field during the addition of a computer entry.
This oversized input causes an out-of-bounds write that crashes the application, resulting in a denial of service (DoS). The vulnerability can be triggered locally without any privileges or user interaction. [2, 3]
How can this vulnerability impact me?
This vulnerability can impact you by causing the Terminal Services Manager application to crash when an attacker inputs a very long string in the computer name field.
The crash results in a denial of service (DoS), meaning legitimate users may be unable to use the application or access server entries while the application is down.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is triggered by inputting an excessively long string (5000 bytes) into the "Computer name or IP address" field in Terminal Services Manager version 3.2.1. Detection involves monitoring for crashes or denial of service events related to this application when adding or accessing server entries.
Since the vulnerability is local and specific to the Terminal Services Manager application, detection can be done by attempting to reproduce the issue with a test input of a very long string (e.g., 5000 characters) in the computer name field and observing if the application crashes.
No specific network commands are provided in the resources, but a practical approach is to monitor application logs for crashes or errors related to Terminal Services Manager.
A suggested manual test command could be to create a file with 5000 'A' characters and paste its content into the "Computer name or IP address" field in the application to check if it crashes, as demonstrated in the exploit. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves avoiding inputting excessively long strings (such as 5000 bytes) into the "Computer name or IP address" field in Terminal Services Manager version 3.2.1.
Since the vulnerability causes a denial of service by crashing the application, restricting access to the Terminal Services Manager to trusted users only and monitoring for unusual input attempts can help reduce risk.
If available, updating to a fixed or newer version of Terminal Services Manager that addresses this buffer overflow vulnerability is recommended. [2, 3]