CVE-2020-37184
Stack Overflow in Allok Video Converter Allows Code Execution
Publication date: 2026-02-11
Last updated on: 2026-02-12
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| allok | video_converter | up to 4.6.1217 (exclusive) |
| allok | video_converter | 4.6.1217 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2020-37184 is a critical stack-based buffer overflow vulnerability in Allok Video Converter version 4.6.1217. It occurs in the License Name input field, where an attacker can input a specially crafted payload that overwrites Structured Exception Handler (SEH) pointers on the stack.
This overflow allows the attacker to inject malicious bytecode, enabling arbitrary code execution and the ability to run system commands on the affected machine.
The exploit involves overwriting SEH handlers by using a payload that includes shellcode, which can execute programs such as calc.exe, demonstrating control over the system.
How can this vulnerability impact me?
This vulnerability can lead to arbitrary code execution on the affected system, allowing attackers to run malicious commands or software.
Because it requires no privileges and only user interaction, an attacker can exploit this vulnerability locally to escalate privileges or compromise system integrity.
The impact includes potential loss of confidentiality, integrity, and availability of the system, as attackers can execute arbitrary code and potentially take full control.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the License Name input field of Allok Video Converter 4.6.1217 with specially crafted payloads designed to trigger the stack overflow and SEH overwrite.
One practical approach is to use a proof-of-concept exploit that sends a buffer of 1000 bytes with a specific pattern: padding with "A" characters up to 780 bytes, followed by SEH overwrite bytes, shellcode, and padding with "D" characters.
Since this is a local vulnerability, detection commands would involve running the application with crafted input rather than network scanning.
No specific network commands are provided in the resources, but testing can be done by automating input to the License Name field using scripting tools or debugging tools to monitor for crashes or abnormal behavior. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of Allok Video Converter version 4.6.1217 or earlier until a patch or update is available.
Restrict access to the application to trusted users only, as exploitation requires local access and user interaction.
Monitor and control inputs to the License Name field to prevent injection of malicious payloads.
Consider running the application in a restricted environment or sandbox to limit the impact of potential exploitation.
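To act on the first mitigation step, the affected range from the products table (every release up to and including 4.6.1217) can be checked against a software inventory. The following is an added example, not code from this page or from the vendor; the CSV layout, host names, and every sample version other than 4.6.1217 are constructed, and matching on the display name "Allok Video Converter" is an assumption about how the inventory records the product.

```python
import csv
import io

# Affected range from the page's table: every release up to and including 4.6.1217.
AFFECTED_MAX = (4, 6, 1217)
PRODUCT = "allok video converter"  # assumed display name in the inventory

# Constructed sample inventory (host, display name, version); not real data.
SAMPLE_INVENTORY = """\
host,name,version
ws-014,Allok Video Converter,4.6.1217
ws-022,Allok Video Converter 4.6,4.6.0529
ws-031,Allok Video Converter,4.7.0101
ws-040,Allok Video Converter,unknown
ws-051,Other Video Tool,1.0.0
"""


def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if it is not numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(name, version):
    """Return 'affected', 'not_affected', 'unknown_version' or 'other_product'."""
    if not name.strip().lower().startswith(PRODUCT):
        return "other_product"
    parsed = parse_version(version)
    if parsed is None:
        return "unknown_version"  # needs manual review; never treated as safe
    # Pad so that "4.6" compares as 4.6.0 against the three-part bound.
    padded = parsed + (0,) * (len(AFFECTED_MAX) - len(parsed))
    return "affected" if padded <= AFFECTED_MAX else "not_affected"


def scan(inventory_csv):
    """Map each host running the product to its classification."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        verdict = classify(row["name"], row["version"])
        if verdict != "other_product":
            results[row["host"]] = verdict
    return results


if __name__ == "__main__":
    for host, verdict in scan(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

Hosts reported as `unknown_version` should be checked by hand, since an unparseable version string says nothing about whether the install is in the affected range.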