CVE-2018-25302

HIGH

Allok AVI to DVD SVCD VCD Converter 4.0.1217 Buffer Overflow SEH

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25302. PoCs published by T3jv1l.

AI-analyzed exploit summary This exploit demonstrates a SEH-based buffer overflow in Allok AVI to DVD SVCD VCD Converter 4.0.1217, leveraging a crafted payload to trigger arbitrary code execution via a malicious license name input.

Description

Allok AVI to DVD SVCD VCD Converter 4.0.1217 contains a structured exception handling (SEH) based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with junk data, NSEH bypass, SEH handler address, and shellcode that triggers the overflow when pasted into the License Name field and the Register button is clicked, resulting in code execution.

Exploits (1)

exploitdb WORKING POC

by T3jv1l · pythonlocalwindows

https://www.exploit-db.com/exploits/44549

View Code ZIP pw:eip

This exploit demonstrates a SEH-based buffer overflow in Allok AVI to DVD SVCD VCD Converter 4.0.1217, leveraging a crafted payload to trigger arbitrary code execution via a malicious license name input.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Allok AVI to DVD SVCD VCD Converter 4.0.1217

No auth needed

Prerequisites: Python 2.7 · Allok AVI to DVD SVCD VCD Converter 4.0.1217 installed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 30, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-44549

https://www.exploit-db.com/exploits/44549

Product product

Official Product Homepage

http://www.alloksoft.com/

Third Party Advisory third-party-advisory

VulnCheck Advisory: Allok AVI to DVD SVCD VCD Converter 4.0.1217 Buffer Overflow SEH

https://www.vulncheck.com/advisories/allok-avi-to-dvd-svcd-vcd-converter-buffer-overflow-seh

Scores

CVSS v3 7.8

EPSS 0.0016

EPSS Percentile 5.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-120

Status published

Products (1)

Alloksoft/Allok AVI to DVD SVCD VCD Converter 4.0.1217

Published Apr 29, 2026

Tracked Since Apr 30, 2026