CVE-2019-25362 | THREATINT

Description

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a stack-based buffer overflow in the application's input handling.

PUBLISHED Reserved 2026-02-13 | Published 2026-02-18 | Updated 2026-02-19 | Assigner VulnCheck

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Out-of-bounds Write

Product status

4.6.1217

affected

Credits

Doan Nguyen (4ll4u) finder

References

www.exploit-db.com/exploits/47568 (ExploitDB-47568) exploit

www.alloksoft.com/ (Vendor Homepage) product

www.alloksoft.com/wmv.htm (Software Download Page) product

www.exploit-db.com/exploits/47563 (Exploit Database Entry 47563) exploit

www.vulncheck.com/...-mpeg-dvd-wmv-convertor-buffer-overflow (VulnCheck Advisory: WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow) third-party-advisory

cve.org (CVE-2019-25362)

nvd.nist.gov (CVE-2019-25362)

Download JSON