Description
Allok AVI to DVD SVCD VCD Converter 4.0.1217 contains a structured exception handling (SEH) based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with junk data, NSEH bypass, SEH handler address, and shellcode that triggers the overflow when pasted into the License Name field and the Register button is clicked, resulting in code execution.
Published: 2026-04-29
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Allok AVI to DVD SVCD VCD Converter version 4.0.1217 contains a structured exception handling (SEH) based buffer overflow that can be triggered through the License Name field. By supplying a crafted string (junk data, an NSEH bypass, an overwritten SEH handler address, and shellcode), an attacker who can run the program locally can cause arbitrary code to execute. The flaw is a classic CWE-120 stack-based buffer overflow.

Affected Systems

Vulnerable software is Alloksoft’s Allok AVI to DVD SVCD VCD Converter, specifically the 4.0.1217 release. No other versions or products are mentioned in the advisory.

Risk and Exploitability

The CVSS score of 8.5 marks this flaw as high severity. Exploitation requires local access; the attacker must launch the program and enter malicious data in the License Name field before clicking the Register button. EPSS data is not available and the vulnerability is not listed in CISA’s KEV catalog, indicating limited known exploitation activity so far. Nevertheless, the ability to execute arbitrary code locally presents a significant risk to system integrity if an attacker can gain user or administrative privileges within the affected environment.

Generated by OpenCVE AI on April 30, 2026 at 03:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Allok AVI to DVD SVCD VCD Converter to a version newer than 4.0.1217 that addresses the buffer overflow.
  • If an upgrade is unavailable, restrict execution of the application to trusted users only and consider disabling or removing the License Name input if the host controls allow it.
  • Monitor system activity for anomalous process launches or unexpected network connections that could signal exploitation of the SEH buffer overflow.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 20:00:00 +0000

Values Added, by Type (no Values Removed are listed for this entry):

Description: Allok AVI to DVD SVCD VCD Converter 4.0.1217 contains a structured exception handling (SEH) based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with junk data, NSEH bypass, SEH handler address, and shellcode that triggers the overflow when pasted into the License Name field and the Register button is clicked, resulting in code execution.
Title: Allok AVI to DVD SVCD VCD Converter 4.0.1217 Buffer Overflow SEH
First Time appeared: Alloksoft; Alloksoft wmv To Avi Mpeg Dvd Wmv Convertor
Weaknesses: CWE-120
CPEs: cpe:2.3:a:alloksoft:wmv_to_avi_mpeg_dvd_wmv_convertor:4.0.1217:*:*:*:*:*:*:*
Vendors & Products: Alloksoft; Alloksoft wmv To Avi Mpeg Dvd Wmv Convertor
References:
Metrics:
  cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}
  cvssV4_0: {'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-29T19:24:35.225Z

Reserved: 2026-04-29T12:06:12.182Z

Link: CVE-2018-25302

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-04-29T20:16:25.477

Modified: 2026-04-29T21:22:20.120

Link: CVE-2018-25302

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T04:00:15Z

Weaknesses