CVE-2019-25362

CRITICAL

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-25362. PoCs published by 4ll4u, Nithoshitha S.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in WMV to AVI MPEG DVD WMV Convertor 4.6.1217, leveraging SEH overwrite to execute a bind shell payload. The shellcode is generated using msfvenom and is designed to work within the constraints of the application's input validation.

Description

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a stack-based buffer overflow in the application's input handling.

Exploits (2)

exploitdb WORKING POC
by 4ll4u · pythonlocalwindows
https://www.exploit-db.com/exploits/47568

This exploit demonstrates a buffer overflow vulnerability in WMV to AVI MPEG DVD WMV Convertor 4.6.1217, leveraging SEH overwrite to execute a bind shell payload. The shellcode is generated using msfvenom and is designed to work within the constraints of the application's input validation.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: WMV to AVI MPEG DVD WMV Convertor v4.6.1217
No auth needed
Prerequisites: Target software installed on Windows XP SP3 · Ability to paste malicious input into the 'License Name and License Code' field
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
by Nithoshitha S · pythondoswindows
https://www.exploit-db.com/exploits/47563

This exploit demonstrates a denial-of-service vulnerability in WMV to AVI MPEG DVD WMV Convertor 4.6.1217 by overflowing the 'License Name and License Code' field with a large buffer of 'A' characters, causing the application to crash.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: WMV to AVI MPEG DVD WMV Convertor v4.6.1217
No auth needed
Prerequisites: Access to the application's license input field
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5
Core References
Various Sources product
https://www.alloksoft.com/
Various Sources product
https://www.alloksoft.com/wmv.htm
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/47568
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/47563

Scores

CVSS v3 9.8
EPSS 0.0065
EPSS Percentile 46.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-787
Status published
Products (1)
alloksoft/wmv_to_avi_mpeg_dvd_wmv_convertor 4.6.1217
Published Feb 18, 2026
Tracked Since Feb 19, 2026