CVE-2018-25303
Stack-Based Buffer Overflow in Allok Video to DVD Burner
Publication date: 2026-04-29
Last updated on: 2026-04-29
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| allok | video_to_dvd_burner | to 2.6.1217 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
Allok Video to DVD Burner version 2.6.1217 and earlier contains a stack-based buffer overflow vulnerability in the License Name field.
This flaw allows local attackers to execute arbitrary code by overwriting the structured exception handler (SEH) with a specially crafted input string.
The exploit involves pasting a malicious input string composed of 780 bytes of junk data followed by SEH chain pointers and shellcode into the License Name field during registration, which triggers code execution.
How can this vulnerability impact me? :
This vulnerability can allow a local attacker to execute arbitrary code on the affected system.
Successful exploitation can compromise the confidentiality, integrity, and availability of the system.
Because the attacker can run arbitrary code, they could potentially install malware, steal data, or disrupt system operations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is triggered by a specially crafted input string pasted into the License Name field during registration of Allok Video to DVD Burner version 2.6.1217 or earlier. Detection involves monitoring for unusual or suspicious input patterns in this field.
Since the exploit requires local access and involves a 780-byte junk data payload followed by SEH chain pointers and shellcode, detection can focus on identifying unusually long or malformed License Name entries.
There are no specific commands provided in the available resources to detect this vulnerability on a network or system.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the vulnerable Allok Video to DVD Burner version 2.6.1217 or earlier, especially refraining from entering untrusted or suspicious data into the License Name field.
Since the vulnerability requires local attacker interaction, restricting local access to trusted users and environments can reduce risk.
No specific patches or updates are mentioned in the provided resources, so monitoring for vendor updates or advisories is recommended.
Can you explain this vulnerability to me?
This vulnerability exists in Allok Video to DVD Burner version 2.6.1217 and is a stack-based buffer overflow in the License Name field.
Local attackers can exploit this by entering a specially crafted input string consisting of 780 bytes of junk data followed by structured exception handler (SEH) chain pointers and shellcode into the License Name field during registration.
This causes an SEH overwrite, allowing the attacker to execute arbitrary code on the affected system.
How can this vulnerability impact me? :
The vulnerability allows local attackers to execute arbitrary code on the affected system.
This can lead to unauthorized control over the system, potentially allowing attackers to install malware, steal data, or disrupt system operations.