CVE-2019-25659

MEDIUM

ASPRunner Professional 6.0.766 Local Buffer Overflow DoS

Title source: cna

Description

ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Attackers can paste 180 or more characters into the Project name field during project creation to trigger an application crash.

Exploits (1)

exploitdb WORKING POC

by Rafael Pedrero · pythondoswindows

https://www.exploit-db.com/exploits/46293

View Code ZIP pw:eip

References (3)

[Exploit] https://www.exploit-db.com/exploits/46293

[Product] http://www.xlinesoft.com/asprunnerpro

[Third Party Advisory] https://www.vulncheck.com/advisories/asprunner-professional-local-buffer-overflow-dos

Scores

CVSS v3 6.2

EPSS 0.0001

EPSS Percentile 3.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-787

Status published

Products (1)

Xlinesoft/ASPRunner Professional 6.0.766

Published Apr 05, 2026

Tracked Since Apr 06, 2026