Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2019-25545

CVE-2019-25545: Terminal Services Manager DoS Vulnerability

CVE-2019-25545 is a local buffer overflow flaw in Terminal Services Manager 3.2.1 that causes denial of service. Attackers can crash the application by entering excessive data in the computer name field during setup.

Published:

CVE-2019-25545 Overview

Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability (CWE-787: Out-of-bounds Write) that allows attackers to crash the application by supplying an excessively long string in the computer name field. This vulnerability enables denial of service attacks when a malicious user inputs a 5000-byte buffer of data into the 'Computer name or IP address' field during computer addition, causing the application to crash when the server entry is accessed.

Critical Impact

Local attackers can reliably crash the Terminal Services Manager application by exploiting improper bounds checking in the computer name input field, resulting in denial of service and potential loss of administrative access to managed terminal services.

Affected Products

  • Terminal Services Manager 3.2.1
  • Lizard Systems Terminal Services Manager

Discovery Timeline

  • 2026-03-21 - CVE CVE-2019-25545 published to NVD
  • 2026-03-23 - Last updated in NVD database

Technical Details for CVE-2019-25545

Vulnerability Analysis

This vulnerability is classified as CWE-787 (Out-of-bounds Write), a memory corruption issue that occurs when Terminal Services Manager fails to properly validate the length of user-supplied input in the computer name field. The application allocates a fixed-size buffer for storing computer names but does not enforce appropriate boundary checks before writing user input to this memory region.

When a user adds a new computer entry and provides an excessively long string (approximately 5000 bytes) in the 'Computer name or IP address' field, the application writes beyond the allocated buffer boundaries. This out-of-bounds write corrupts adjacent memory structures, leading to application instability and eventual crash when the malformed entry is subsequently accessed or processed.

The local attack vector means an attacker requires existing access to the system where Terminal Services Manager is installed. No authentication to the application itself is required to trigger the vulnerability, and no user interaction beyond normal application use is necessary once the malicious entry has been created.

Root Cause

The root cause of this vulnerability is insufficient input validation and boundary checking in the computer name parsing functionality of Terminal Services Manager. The application accepts arbitrarily long strings without verifying that the input length does not exceed the allocated buffer size. This lack of bounds checking allows memory corruption through buffer overflow when processing oversized input data.

Attack Vector

This is a local attack vector vulnerability. An attacker with local system access can exploit this vulnerability through the following mechanism:

  1. Open Terminal Services Manager application
  2. Navigate to the computer addition functionality
  3. Enter an excessively long string (5000+ bytes) in the 'Computer name or IP address' input field
  4. Save the malicious entry
  5. The application crashes when attempting to access or display the corrupted server entry

The exploitation does not require elevated privileges on the local system, only the ability to run Terminal Services Manager and create computer entries. Technical details and a proof-of-concept are documented in Exploit-DB #46911.

Detection Methods for CVE-2019-25545

Indicators of Compromise

  • Unexpected crashes of the Terminal Services Manager application, particularly when viewing server lists
  • Application event logs showing memory access violations or buffer overflow exceptions in Terminal Services Manager processes
  • Presence of abnormally long computer name entries in Terminal Services Manager configuration files or databases

Detection Strategies

  • Monitor Windows Event Logs for application crashes related to Terminal Services Manager with error codes indicating memory corruption
  • Implement endpoint detection rules to identify processes writing excessively large buffers to Terminal Services Manager configuration storage
  • Deploy file integrity monitoring on Terminal Services Manager configuration files to detect anomalous entries with oversized field values

Monitoring Recommendations

  • Configure application crash monitoring to alert on repeated Terminal Services Manager failures
  • Review Terminal Services Manager logs for unusual computer name additions that exceed normal naming conventions
  • Implement SentinelOne behavioral detection policies to identify memory corruption attempts in administrative tools

How to Mitigate CVE-2019-25545

Immediate Actions Required

  • Update Terminal Services Manager to the latest available version from Lizard Systems
  • Restrict local access to systems where Terminal Services Manager is installed to trusted administrators only
  • Review and validate existing computer entries in Terminal Services Manager for anomalous or excessively long names
  • Consider implementing application whitelisting to control which users can execute Terminal Services Manager

Patch Information

Users should check with Lizard Systems for updated versions of Terminal Services Manager that address this buffer overflow vulnerability. The VulnCheck Advisory provides additional technical guidance on this vulnerability.

Workarounds

  • Limit Terminal Services Manager access to only trusted administrators who require the functionality
  • Implement monitoring for Terminal Services Manager crashes that may indicate exploitation attempts
  • Consider using alternative terminal services management solutions until a patch is confirmed available
  • Apply principle of least privilege to restrict which users can add or modify computer entries in the application
bash
# Restrict access to Terminal Services Manager executable
icacls "C:\Program Files\Lizard Systems\Terminal Services Manager\tsm.exe" /inheritance:r /grant:r Administrators:RX

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.