Description
Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with structured exception handler (SEH) overwrite to bypass protections and execute code with application privileges.
Published: 2026-04-29
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The conversion utility contains a stack‑based buffer overflow in the License Name field that allows a local user to inject an oversized string. By including shellcode within the payload and overwriting the SEH chain, the attacker can execute arbitrary code with the privileges of the running application. This flaw can lead to complete control over the host when the program is run with elevated privileges, compromising confidentiality, integrity, and availability.

Affected Systems

Alloksoft WMV to AVI MPEG DVD WMV Converter version 4.6.1217. The vulnerability is not present in earlier versions and no other releases have been identified as affected.

Risk and Exploitability

The CVSS score of 8.6 denotes a high‑severity local exploitation risk; the EPSS score is not available, so the likelihood is unquantified, but the lack of a KEV listing suggests no widespread exploitation in the field yet. Attackers must have local access to the system and the ability to run the program, making this threat relevant to users who install and run the converter. Exploitation requires an oversized License Name input that successfully performs the SEH overwrite, thereby allowing arbitrary code execution.

Generated by OpenCVE AI on April 30, 2026 at 03:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Uninstall Alloksoft WMV to AVI MPEG DVD WMV Converter or replace it with a trusted, patched media converter.
  • If the application must remain, limit its execution to a non‑admin user account and enforce application whitelisting to prevent unauthorized runs.
  • Apply any vendor‑issued updates or patches once they become available; monitor Alloksoft announcements for future releases that address the buffer overflow.

Generated by OpenCVE AI on April 30, 2026 at 03:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 30 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 29 Apr 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Alloksoft
Alloksoft wmv To Avi Mpeg Dvd Wmv Convertor
Vendors & Products Alloksoft
Alloksoft wmv To Avi Mpeg Dvd Wmv Convertor

Wed, 29 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Description Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with structured exception handler (SEH) overwrite to bypass protections and execute code with application privileges.
Title Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 Buffer Overflow
Weaknesses CWE-120
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Alloksoft Wmv To Avi Mpeg Dvd Wmv Convertor
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-30T12:22:26.670Z

Reserved: 2026-04-29T12:24:20.716Z

Link: CVE-2018-25314

cve-icon Vulnrichment

Updated: 2026-04-30T12:22:23.679Z

cve-icon NVD

Status : Deferred

Published: 2026-04-29T20:16:27.193

Modified: 2026-04-29T21:22:20.120

Link: CVE-2018-25314

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T04:00:15Z

Weaknesses