CVE-2020-37184
Awaiting Analysis Awaiting Analysis - Queue
Stack Overflow in Allok Video Converter Allows Code Execution

Publication date: 2026-02-11

Last updated on: 2026-02-12

Assigner: VulnCheck

Description
Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name input field that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite SEH handlers and execute system commands by injecting malicious bytecode into the input field.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-12
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-15
NVD
CVE-2020-37184
EUVD
EUVD-2020-31177
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
allok video_converter to 4.6.1217 (exc)
allok video_converter 4.6.1217
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2020-37184 is a critical stack-based buffer overflow vulnerability in Allok Video Converter version 4.6.1217. It occurs in the License Name input field, where an attacker can input a specially crafted payload that overwrites Structured Exception Handler (SEH) pointers on the stack.

This overflow allows the attacker to inject malicious bytecode, enabling arbitrary code execution and the ability to run system commands on the affected machine.

The exploit involves overwriting SEH handlers by using a payload that includes shellcode, which can execute programs such as calc.exe, demonstrating control over the system.

Impact Analysis

This vulnerability can lead to arbitrary code execution on the affected system, allowing attackers to run malicious commands or software.

Because it requires no privileges and only user interaction, an attacker can exploit this vulnerability locally to escalate privileges or compromise system integrity.

The impact includes potential loss of confidentiality, integrity, and availability of the system, as attackers can execute arbitrary code and potentially take full control.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by testing the License Name input field of Allok Video Converter 4.6.1217 with specially crafted payloads designed to trigger the stack overflow and SEH overwrite.'}, {'type': 'paragraph', 'content': 'One practical approach is to use a proof-of-concept exploit that sends a buffer of 1000 bytes with a specific pattern: padding with "A" characters up to 780 bytes, followed by SEH overwrite bytes, shellcode, and padding with "D" characters.'}, {'type': 'paragraph', 'content': 'Since this is a local vulnerability, detection commands would involve running the application with crafted input rather than network scanning.'}, {'type': 'paragraph', 'content': 'No specific network commands are provided in the resources, but testing can be done by automating input to the License Name field using scripting tools or debugging tools to monitor for crashes or abnormal behavior.'}] [1, 2]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of Allok Video Converter version 4.6.1217 or earlier until a patch or update is available.

Restrict access to the application to trusted users only, as exploitation requires local access and user interaction.

Monitor and control inputs to the License Name field to prevent injection of malicious payloads.

Consider running the application in a restricted environment or sandbox to limit the impact of potential exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37184. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart