CVE-2019-25644

MEDIUM

WinMPG Video Convert 9.3.5 Buffer Overflow Local Denial of Service

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25644. PoCs published by Achilles.

AI-analyzed exploit summary: This exploit generates a malicious payload file (Evil.txt) containing a large buffer of 'A' characters (6000 bytes) to trigger a local denial-of-service (DoS) in WinMPG Video Convert by overflowing the registration field. The crash occurs when pasting the payload into the 'Name and Registration Code' field during registration.

Description

WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Attackers can paste a large payload of 6000 bytes into the Name and Registration Code field to trigger a denial of service condition.

Exploits (1)

exploitdb WORKING POC
by Achilles · python · dos · windows
https://www.exploit-db.com/exploits/46553


Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: WinMPG Video Convert 9.3.5 and older
No auth needed
Prerequisites: WinMPG Video Convert installed · ability to run Python script · user interaction to paste payload
devstral-2 · analyzed Mar 24, 2026

References (4)

Core References
Exploit: ExploitDB-46553
https://www.exploit-db.com/exploits/46553
Product: Official Product Homepage
http://www.winmpg.com
Product: Product Reference
http://www.winmpg.com/down/WinMPG_VideoConvert.zip
Third Party Advisory: VulnCheck Advisory: WinMPG Video Convert 9.3.5 Buffer Overflow Local Denial of Service
https://www.vulncheck.com/advisories/winmpg-video-convert-buffer-overflow-local-denial-of-service

Scores

CVSS v3 6.2
EPSS 0.0023
EPSS Percentile 13.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE: CWE-787
Status published
Products (2)
direct-soft/winmpg_video_convert < 9.3.5
Winmpg/WinMPG Video Convert Local Dos Exploit 9.3.5
Published Mar 24, 2026
Tracked Since Mar 24, 2026