CVE-2019-25667

MEDIUM

TaskInfo 8.2.0.280 Denial of Service Buffer Overflow

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25667. PoCs published by Rafael Pedrero.

AI-analyzed exploit summary This Python script generates a buffer overflow payload to trigger a Denial of Service (DoS) in TaskInfo v8.2.0.280 by overwriting a local buffer when pasted into the registration fields. The exploit is straightforward, leveraging a simple buffer overflow technique.

Description

TaskInfo 8.2.0.280 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to registration fields. Attackers can paste excessively long strings into the New User Name or New Serial Number textboxes in the Help menu's registration dialog to trigger a denial of service condition.

Exploits (1)

exploitdb WORKING POC
by Rafael Pedrero · pythondoswindows
https://www.exploit-db.com/exploits/46314

This Python script generates a buffer overflow payload to trigger a Denial of Service (DoS) in TaskInfo v8.2.0.280 by overwriting a local buffer when pasted into the registration fields. The exploit is straightforward, leveraging a simple buffer overflow technique.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: TaskInfo v8.2.0.280
No auth needed
Prerequisites: TaskInfo v8.2.0.280 installed · Access to the registration dialog
devstral-2 · analyzed Apr 07, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit exploit
ExploitDB-46314
https://www.exploit-db.com/exploits/46314
Product product
Official Product Homepage
http://www.iarsn.com/
Third Party Advisory third-party-advisory
VulnCheck Advisory: TaskInfo 8.2.0.280 Denial of Service Buffer Overflow
https://www.vulncheck.com/advisories/taskinfo-denial-of-service-buffer-overflow

Scores

CVSS v3 6.2
EPSS 0.0019
EPSS Percentile 8.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (2)
iarsn/taskinfo < 8.2.0.280
Iarsn/TaskInfo 8.2.0.280
Published Apr 05, 2026
Tracked Since Apr 06, 2026