CVE-2019-25318

HIGH

AVS Audio Converter <9.1.2.600 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-25318. PoCs published by boku, ZwX.

AI-analyzed exploit summary This exploit leverages a stack overflow vulnerability in AVS Audio Converter 9.1.2.600 to achieve remote code execution via a crafted payload that overwrites EIP and executes shellcode, resulting in a bind shell on port 9999.

Description

AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind shell on port 9999 when the 'Browse' button is clicked.

Exploits (2)

exploitdb WORKING POC
by boku · pythonlocalwindows
https://www.exploit-db.com/exploits/47810

This exploit leverages a stack overflow vulnerability in AVS Audio Converter 9.1.2.600 to achieve remote code execution via a crafted payload that overwrites EIP and executes shellcode, resulting in a bind shell on port 9999.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: AVS Audio Converter 9.1.2.600
No auth needed
Prerequisites: Victim must open a malicious file in Notepad and copy its contents into the AVS Audio Converter's 'Output Folder' textbox
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by ZwX · pythonlocalwindows
https://www.exploit-db.com/exploits/47788

This exploit demonstrates a classic buffer overflow vulnerability in AVS Audio Converter 9.1 by overwriting the EIP and ECX registers with controlled data. The PoC generates a malicious input file that, when pasted into the 'Exit folder' field, triggers the overflow and crashes the application.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: AVS Audio Converter 9.1
No auth needed
Prerequisites: AVS Audio Converter 9.1 installed on Windows 7 · Local access to the application
devstral-2 · analyzed Feb 17, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/47810
Various Sources product
http://www.avs4you.com/
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/47788

Scores

CVSS v3 8.8
EPSS 0.0029
EPSS Percentile 20.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-121
Status published
Products (1)
Avs4You/AVS Audio Converter 9.1.2.600
Published Feb 12, 2026
Tracked Since Feb 18, 2026