CVE-2018-25323

Allok AVI DivX MPEG to DVD Converter 2.6.1217 Buffer Overflow SEH

CVSS 8.6 HIGHEPSS 0.1%CWE-120

Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a text file with a specially crafted buffer containing shellcode and SEH chain overwrite values, then paste the contents into the License Name field to trigger code execution.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Alloksoft · Allok AVI DivX MPEG to DVD Converter

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/44363unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/44363 https://www.vulncheck.com/advisories/allok-avi-divx-mpeg-to-dvd-converter-buffer-overflow-seh