Skip to content
CVSS 8.4 · HIGH

CVE-2018-25303

Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability in the License Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input string with 780 bytes of junk data followed by SEH chain pointers and shellcode, then paste it into the License Name field during registration to achieve code execution.

View on NVD

Analysis

This vulnerability affects an obscure and likely outdated video burning utility. Since it requires local manual interaction to exploit and has no relevance to web development, cloud infrastructure, or modern software engineering, it does not warrant community attention.

Severity

Score: 8.4(HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: LOCAL
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-121

EPSS

Probability of exploitation (next 30 days): 0.0002 (0.0%)
Percentile: 4.4%
EPSS: 2026-05-06

Technical description

Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability in the License Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input string with 780 bytes of junk data followed by SEH chain pointers and shellcode, then paste it into the License Name field during registration to achieve code execution.

Published: 4/29/2026, 8:16:25 PM
Last modified: 4/29/2026, 9:22:20 PM

References

HomeEventsBlogResourcesTeam