CVE-2018-25303

HIGH

Allok Video to DVD Burner 2.6.1217 Buffer Overflow SEH

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25303. PoCs published by T3jv1l.

AI-analyzed exploit summary: This exploit demonstrates an SEH-based buffer overflow in Allok Video to DVD Burner 2.6.1217, using a crafted License Name field to execute arbitrary shellcode (calc.exe). The exploit follows the Corelan SEH exploitation technique, using a short jump to skip past the overwritten SEH record and redirect execution to the shellcode.

Description

Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability in the License Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input string with 780 bytes of junk data followed by SEH chain pointers and shellcode, then paste it into the License Name field during registration to achieve code execution.

Exploits (1)

exploitdb WORKING POC
by T3jv1l · python · local · windows
https://www.exploit-db.com/exploits/44518


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Allok Video to DVD Burner 2.6.1217
No auth needed
Prerequisites: Allok Video to DVD Burner 2.6.1217 installed · Python 2.7 to generate the payload file
devstral-2 · analyzed Apr 30, 2026

References (3)

Core References
Exploit: ExploitDB-44518
https://www.exploit-db.com/exploits/44518
Product: Official Product Homepage
http://www.alloksoft.com/
Third Party Advisory: VulnCheck Advisory: Allok Video to DVD Burner 2.6.1217 Buffer Overflow SEH
https://www.vulncheck.com/advisories/allok-video-to-dvd-burner-buffer-overflow-seh

Scores

CVSS v3 8.4
EPSS 0.0016
EPSS Percentile 5.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-121
Status: published
Products (1): Alloksoft/Allok Video to DVD Burner 2.6.1217
Published: Apr 29, 2026
Tracked Since: Apr 30, 2026