CVE-2026-12193
Received Received - Intake
Heap-based Buffer Overflow in RevoUninstaller

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: VulDB

Description
A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x. The affected element is the function IOCtl_Handler in the library RevoDetector.sys of the component IOCTL Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. Upgrading to version 2.7.0 is sufficient to fix this issue. It is recommended to upgrade the affected component.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-15
Last Modified
2026-06-15
Generated
2026-06-15
AI Q&A
2026-06-15
EPSS Evaluated
N/A
NVD
CVE-2026-12193
EUVD
EUVD-2026-36672
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
revo_uninstaller revo_uninstaller 2.5
revo_uninstaller revo_uninstaller 2.6
revo_uninstaller revo_uninstaller to 2.6.8 (exc)
revo_uninstaller revo_uninstaller 2.7.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the IOCtl_Handler function within the RevoDetector.sys driver of VS Revo RevoUninstaller versions 2.5.x and 2.6.x. It is a heap-based buffer overflow that can be exploited locally by an attacker. The flaw allows manipulation that leads to memory corruption, which can be leveraged to escalate privileges on the affected system.

Impact Analysis

Exploiting this vulnerability can allow an attacker with local access to perform a local privilege escalation (LPE). This means the attacker can gain higher system privileges by exploiting the heap overflow in the RevoDetector.sys driver. The exploit can steal the system token, enabling the attacker to execute code with elevated rights, potentially compromising the entire system. However, the exploit is somewhat unstable and may cause system crashes.

Detection Guidance

This vulnerability is a local heap-based buffer overflow in the RevoDetector.sys driver used by VS Revo RevoUninstaller versions 2.5.x and 2.6.x. Detection involves verifying if the vulnerable driver is loaded on the system.

You can check if the RevoDetector.sys driver is loaded by running the following command in an elevated command prompt or PowerShell:

  • sc query RevoDetector

Alternatively, you can list all loaded drivers and filter for RevoDetector.sys:

  • driverquery | findstr RevoDetector

If the driver is present and the installed Revo Uninstaller version is 2.5.x or 2.6.x, the system is vulnerable.

Mitigation Strategies

The recommended immediate mitigation step is to upgrade VS Revo RevoUninstaller to version 2.7.0 or later, as this version contains the fix for the vulnerability.

If upgrading immediately is not possible, consider disabling or unloading the RevoDetector.sys driver to prevent exploitation, noting that this may impact functionality related to the Revo Uninstaller Helper.

Additionally, restrict local user privileges to limit the ability to execute local exploits, as this vulnerability requires local access.

Compliance Impact

The vulnerability in VS Revo RevoUninstaller allows a local attacker to perform a heap-based buffer overflow, potentially leading to local privilege escalation. This could enable unauthorized access or modification of sensitive data on the affected system.

Such unauthorized access or privilege escalation could impact compliance with data protection regulations like GDPR and HIPAA, which require strict controls over access to personal and sensitive information. If exploited, this vulnerability might lead to breaches of confidentiality, integrity, and availability of protected data.

Therefore, organizations using affected versions of RevoUninstaller should upgrade to version 2.7.0 to mitigate the risk and maintain compliance with these standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-12193. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart