CVE-2018-25301

Easy MPEG to DVD Burner 1.7.11 SEH Local Buffer Overflow

CVSS 8.6 HIGHEPSS 0.2%CWE-120

Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain pointers, and shellcode that overwrites the SEH handler to redirect execution and run arbitrary commands like opening calc.exe.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Easy MPEG · Easy MPEG to DVD Burner

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/44565unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://downloads.tomsguide.com/MPEG-Easy-Burner,0301-10418.html https://www.exploit-db.com/exploits/44565 https://www.vulncheck.com/advisories/easy-mpeg-to-dvd-burner-seh-local-buffer-overflow