CVE-2020-37133

HIGH

UltraVNC < 1.2.4.0 - Denial of Service via Repeater Host Configuration Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37133. PoCs published by chuyreds.

AI-analyzed exploit summary This PoC exploits a local denial-of-service vulnerability in UltraVNC Launcher 1.2.4.0 by overflowing the 'RepeaterHost' field with a long string of 'A' characters (0x41). The crash occurs when the malicious input is pasted into the application's properties dialog.

Description

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to trigger an application crash.

Exploits (1)

exploitdb WORKING POC
by chuyreds · pythondoswindows
https://www.exploit-db.com/exploits/48288

This PoC exploits a local denial-of-service vulnerability in UltraVNC Launcher 1.2.4.0 by overflowing the 'RepeaterHost' field with a long string of 'A' characters (0x41). The crash occurs when the malicious input is pasted into the application's properties dialog.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: UltraVNC Launcher 1.2.4.0
No auth needed
Prerequisites: Local access to the target system · UltraVNC Launcher 1.2.4.0 installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit
https://www.exploit-db.com/exploits/48288
Product product
https://www.uvnc.com/

Scores

CVSS v3 7.5
EPSS 0.0048
EPSS Percentile 37.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-121 CWE-787
Status published
Products (1)
uvnc/ultravnc < 1.2.4.0
Published Feb 05, 2026
Tracked Since Feb 18, 2026