Skip to content
CVSS 8.4 · HIGH

CVE-2018-25301

Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain pointers, and shellcode that overwrites the SEH handler to redirect execution and run arbitrary commands like opening calc.exe.

View on NVD

Analysis

Easy MPEG to DVD Burner is an obscure legacy utility not used in modern software development or server environments. The vulnerability requires local access and the product is largely irrelevant to the community's tech stack.

Severity

Score: 8.4(HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: LOCAL
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-120

EPSS

Probability of exploitation (next 30 days): 0.0002 (0.0%)
Percentile: 4.4%
EPSS: 2026-05-06

Technical description

Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain pointers, and shellcode that overwrites the SEH handler to redirect execution and run arbitrary commands like opening calc.exe.

Published: 4/29/2026, 8:16:25 PM
Last modified: 4/30/2026, 3:44:48 PM

References

HomeEventsBlogResourcesTeam