Skip to content
CVSS 8.4 · HIGH

CVE-2018-25314

Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with structured exception handler (SEH) overwrite to bypass protections and execute code with application privileges.

View on NVD

Analysis

This vulnerability affects an obscure and likely legacy video conversion utility which is not part of the standard developer or server administrator stack. While it allows for code execution via a buffer overflow in the license field, the niche nature of the software and the local attack vector make it irrelevant to the community.

Severity

Score: 8.4(HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: LOCAL
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-120

EPSS

Probability of exploitation (next 30 days): 0.0002 (0.0%)
Percentile: 4.6%
EPSS: 2026-05-06

Technical description

Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with structured exception handler (SEH) overwrite to bypass protections and execute code with application privileges.

Published: 4/29/2026, 8:16:27 PM
Last modified: 4/29/2026, 9:22:20 PM

References

HomeEventsBlogResourcesTeam