Skip to content
CVSS 8.4 · HIGH

CVE-2018-25301

Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain pointers, and shellcode that overwrites the SEH handler to redirect execution and run arbitrary commands like opening calc.exe.

Ver en NVD

Análisis

Easy MPEG to DVD Burner is an obscure legacy utility not used in modern software development or server environments. The vulnerability requires local access and the product is largely irrelevant to the community's tech stack.

Severidad

Puntaje: 8.4(HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: LOCAL
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-120

EPSS

Probabilidad de explotación (próx. 30 días): 0.0002 (0.0%)
Percentil: 4.4%
EPSS: 2026-05-06

Descripción técnica

Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain pointers, and shellcode that overwrites the SEH handler to redirect execution and run arbitrary commands like opening calc.exe.

Publicada: 29/4/2026, 20:16:25
Última modificación: 30/4/2026, 15:44:48

Referencias

InicioEventosBlogRecursosEquipo