CVE-2018-25303 | THREATINT

Description

Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability in the License Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input string with 780 bytes of junk data followed by SEH chain pointers and shellcode, then paste it into the License Name field during registration to achieve code execution.

PUBLISHED Reserved 2026-04-29 | Published 2026-04-29 | Updated 2026-04-30 | Assigner VulnCheck

HIGH: 8.6CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 8.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Stack-based Buffer Overflow

Product status

2.6.1217

affected

Credits

T3jv1l finder

References

www.exploit-db.com/exploits/44518 (ExploitDB-44518) exploit

www.alloksoft.com/ (Official Product Homepage) product

www.vulncheck.com/...video-to-dvd-burner-buffer-overflow-seh (VulnCheck Advisory: Allok Video to DVD Burner 2.6.1217 Buffer Overflow SEH) third-party-advisory

cve.org (CVE-2018-25303)

nvd.nist.gov (CVE-2018-25303)

Download JSON