CVE-2026-12193
7.8 HIGH
A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x
Published: 2026-06-15 · Last updated: 2026-06-15
Severity and scoring
- CVSS: 7.8 HIGH
- Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-119, CWE-122
Description
A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x. The affected element is the function IOCtl_Handler in the library RevoDetector.sys of the component IOCTL Handler. The manipulation leads to a heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. Upgrading to version 2.7.0 is sufficient to fix this issue. It is recommended to upgrade the affected component.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-12193
- [Other] https://github.com/Kalagious/RevoDetectorExploit/tree/master
- [Other] https://jordanhiggins.blog/revouninstaller-pool-overflow-exploit/
- [Other] https://vandalsuidaho-my.sharepoint.com/:w:/g/personal/higg2059_vandals_uidaho_edu/IQAMHgdfpRAkSqDsoFVswIYNAXjPVFz-admcJyl5ITzYhu0?e=4Ywwza
- [Other] https://vuldb.com/cve/CVE-2026-12193
- [Other] https://vuldb.com/submit/829132
- [Other] https://vuldb.com/submit/829133
- [Other] https://vuldb.com/vuln/370839
- [Other] https://vuldb.com/vuln/370839/cti
- [Other] https://www.revouninstaller.com/start-freeware-download/
- [Other] https://youtu.be/JR0KPjWRTns?si=Ff2bUDvv3butJyfP
Related CVEs
Same CWE
- CVE-2026-12216 — A weakness has been identified in svaarala duktape up to 2.99.99 (5.3 MEDIUM)
- CVE-2026-12200 — A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32 (7.3 HIGH)
- CVE-2026-12192 — A vulnerability was determined in GALAYOU Y4 1.0.0 (8.8 HIGH)
- CVE-2026-12174 — A security vulnerability has been detected in D-Link DCS-935L 1.10.01 (8.8 HIGH)
- CVE-2026-48914 — A flaw was found in QEMU's virtio-blk device (6.7 MEDIUM)