Description
Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability in the License Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input string with 780 bytes of junk data followed by SEH chain pointers and shellcode, then paste it into the License Name field during registration to achieve code execution.
Published: 2026-04-29
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Allok Video to DVD Burner 2.6.1217 includes a stack-based buffer overflow in the License Name field used during registration. A malicious input consisting of 780 bytes of garbage followed by crafted SEH chain pointers and shellcode can overwrite the structured exception handler, allowing code to execute with the privileges of the running user. This vulnerability gives local attackers the ability to run arbitrary code, potentially leading to full system compromise if the user has administrative rights.

Affected Systems

The affected product is Alloksoft’s Allok Video to DVD Burner version 2.6.1217. The buffer overflow exists only in this version’s registration interface. The application is a Windows desktop tool that requires user interaction to register the software.

Risk and Exploitability

The CVSS v4.0 score of 8.6 (8.4 under CVSS v3.1) classifies this flaw as a high severity issue, and the EPSS score is currently unavailable. It is not listed in the CISA KEV catalog. The vulnerability is exploitable by a local user who can input data into the License Name field, so the attack vector is inferred to be local, which matches the AV:L component of both CVSS vectors. Because the exploit overwrites the SEH, it can lead to arbitrary code execution with the privileges of the user running the application, and to full system compromise if that user has administrative rights.

Generated by OpenCVE AI on April 30, 2026 at 03:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • If a patched or newer version that removes the vulnerable registration field becomes available, update Allok Video to DVD Burner to it.
  • If updating is not possible, disable or delete the registration functionality that accepts a License Name to prevent the buffer overflow from being triggered.
  • Ensure that end users are granted only the minimum necessary privileges and implement application hardening and memory protection (e.g., enable DEP and ASLR) to mitigate exploitation risk.

Advisories

No advisories yet.

History

Thu, 30 Apr 2026 08:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Alloksoft; Alloksoft allok Video To Dvd Burner
Vendors & Products | | Alloksoft; Alloksoft allok Video To Dvd Burner

Wed, 29 Apr 2026 20:00:00 +0000

Type | Values Removed | Values Added
Description | | Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability in the License Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input string with 780 bytes of junk data followed by SEH chain pointers and shellcode, then paste it into the License Name field during registration to achieve code execution.
Title | | Allok Video to DVD Burner 2.6.1217 Buffer Overflow SEH
Weaknesses | | CWE-121
References | |
Metrics | | cvssV3_1: {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0: {'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-29T19:24:35.902Z

Reserved: 2026-04-29T12:07:42.797Z

Link: CVE-2018-25303

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-04-29T20:16:25.620

Modified: 2026-04-29T21:22:20.120

Link: CVE-2018-25303

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T08:20:48Z
