Skip to content
CVSS 8.4 · HIGH

CVE-2018-25314

Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with structured exception handler (SEH) overwrite to bypass protections and execute code with application privileges.

Ver en NVD

Análisis

This vulnerability affects an obscure and likely legacy video conversion utility which is not part of the standard developer or server administrator stack. While it allows for code execution via a buffer overflow in the license field, the niche nature of the software and the local attack vector make it irrelevant to the community.

Severidad

Puntaje: 8.4(HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: LOCAL
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-120

EPSS

Probabilidad de explotación (próx. 30 días): 0.0002 (0.0%)
Percentil: 4.6%
EPSS: 2026-05-06

Descripción técnica

Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with structured exception handler (SEH) overwrite to bypass protections and execute code with application privileges.

Publicada: 29/4/2026, 20:16:27
Última modificación: 29/4/2026, 21:22:20

Referencias

InicioEventosBlogRecursosEquipo