CVE-2017-8367

HIGH

Ether Software Easy MOV Converter 1.4.24 - Buffer Overflow via Long Username

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-8367. PoCs published by Muhann4d, rnnsz.

AI-analyzed exploit summary This PoC demonstrates an SEH overwrite vulnerability in Easy MOV Converter via a crafted input in the 'Enter User Name' field, leading to a Denial of Service (DoS). The exploit generates a buffer overflow payload to trigger the crash.

Description

Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD Creator, Easy MPEG/AVI/DIVX/WMV/RM to DVD, Easy Avi/Divx/Xvid to DVD Burner, Easy MPEG to DVD Burner, Easy WMV/ASF/ASX to DVD Burner, Easy RM RMVB to DVD Burner, Easy CD DVD Copy, MP3/AVI/MPEG/WMV/RM to Audio CD Burner, MP3/WAV/OGG/WMA/AC3 to CD Burner, MP3 WAV to CD Burner, My Video Converter, Easy AVI DivX Converter, Easy Video to iPod Converter, Easy Video to PSP Converter, Easy Video to 3GP Converter, Easy Video to MP4 Converter, and Easy Video to iPod/MP4/PSP/3GP Converter allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long username.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Muhann4d · pythondoswindows

https://www.exploit-db.com/exploits/41911

View Code ZIP pw:eip

This PoC demonstrates an SEH overwrite vulnerability in Easy MOV Converter via a crafted input in the 'Enter User Name' field, leading to a Denial of Service (DoS). The exploit generates a buffer overflow payload to trigger the crash.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Easy MOV Converter 1.4.24

No auth needed

Prerequisites: Local access to the application · Ability to paste malicious input into the 'Enter User Name' field

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by rnnsz · poc

https://github.com/rnnsz/CVE-2017-8367

View Code ZIP pw:eip

This repository contains a Python script that generates a payload for CVE-2017-8367, a stack-based buffer overflow in Easy Mov Converter. The payload includes shellcode and is designed to be copied into the username field of the software's register functionality.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Easy Mov Converter

No auth needed

Prerequisites: Python environment to generate the payload · Access to the Easy Mov Converter registration functionality

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/41911/

Exploit, Third Party Advisory x_refsource_misc

https://github.com/offensive-security/exploit-database/blob/master/platforms/windows/dos/41911.py

Scores

CVSS v3 7.8

EPSS 0.0050

EPSS Percentile 39.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (19)

ether_software/easy_avi\/divx\/xvid_to_dvd_burner

ether_software/easy_avi_divx_converter

ether_software/easy_cd_dvd_copy

ether_software/easy_dvd_creator

ether_software/easy_mov_converter

ether_software/easy_mov_converter 1.4.24

ether_software/easy_mpeg\/avi\/divx\/wmv\/rm_to_dvd

ether_software/easy_mpeg_to_dvd_burner

ether_software/easy_rm_rmvb_to_dvd_burner

ether_software/easy_video_to_3gp_converter

... and 9 more

Published Apr 30, 2017

Tracked Since Feb 18, 2026