Impact
Easy MPEG to DVD Burner version 1.7.11 contains a structured exception handling (SEH) local buffer overflow that is triggered by a maliciously crafted username string. The overflow allows a local attacker to overwrite the SEH handler with a payload that redirects execution flow into injected shellcode, so that arbitrary commands (launching calc.exe, for example) run with the privileges of the user running the application. The vulnerability is a classic buffer overflow (CWE‑120) and can be exploited by anyone with local access to the affected machine.
Affected Systems
The affected product is Easy MPEG to DVD Burner 1.7.11 from Ether Software, exposed via the "Easy MPEG" product line. This issue applies exclusively to the 1.7.11 build, as no other versions are listed as vulnerable in the CNA data.
Risk and Exploitability
The CVSS score of 8.6 classifies the vulnerability as high severity, and the lack of an EPSS score means no publicly available exploitation probability is reported. The vulnerability relies on local access only; an attacker must log into the system or otherwise gain local user context to craft the malicious username. Exploitation code is available on Exploit‑DB, indicating that the flaw is usable in practice. Because the flaw is not listed in CISA KEV, it has not yet been confirmed as part of known, widespread exploitation. Nevertheless, a local buffer overflow with SEH overwrite presents a significant risk and warrants prompt remediation.