CVE-2018-25301

HIGH

Easy MPEG to DVD Burner 1.7.11 SEH Local Buffer Overflow

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25301. PoCs published by Marwan Shamel.

AI-analyzed exploit summary This exploit demonstrates a local buffer overflow vulnerability in Easy MPEG to DVD Burner 1.7.11 via the registration username field, leveraging SEH overwrite to execute arbitrary shellcode (calc.exe).

Description

Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain pointers, and shellcode that overwrites the SEH handler to redirect execution and run arbitrary commands like opening calc.exe.

Exploits (1)

exploitdb WORKING POC

by Marwan Shamel · pythonlocalwindows

https://www.exploit-db.com/exploits/44565

View Code ZIP pw:eip

This exploit demonstrates a local buffer overflow vulnerability in Easy MPEG to DVD Burner 1.7.11 via the registration username field, leveraging SEH overwrite to execute arbitrary shellcode (calc.exe).

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Easy MPEG to DVD Burner 1.7.11

No auth needed

Prerequisites: User interaction (pasting payload into registration field)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 30, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-44565

https://www.exploit-db.com/exploits/44565

Product product

Product Reference

https://downloads.tomsguide.com/MPEG-Easy-Burner,0301-10418.html

Third Party Advisory third-party-advisory

VulnCheck Advisory: Easy MPEG to DVD Burner 1.7.11 SEH Local Buffer Overflow

https://www.vulncheck.com/advisories/easy-mpeg-to-dvd-burner-seh-local-buffer-overflow

Scores

CVSS v3 8.4

EPSS 0.0016

EPSS Percentile 5.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-120

Status published

Products (1)

Easy MPEG/Easy MPEG to DVD Burner 1.7.11

Published Apr 29, 2026

Tracked Since Apr 30, 2026