Description
Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a text file with a specially crafted buffer containing shellcode and SEH chain overwrite values, then paste the contents into the License Name field to trigger code execution.
Published: 2026-05-17
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Allok AVI DivX MPEG to DVD Converter version 2.6.1217 suffers a structured exception handler buffer overflow that allows a local user to execute arbitrary code. The bug is triggered by a crafted text file that overflows the License Name field, overwriting the SEH chain and redirecting the instruction pointer to attacker supplied shellcode. An attacker can run code with the privileges of the current user, potentially compromising the system. The weakness is listed as CWE‑120.

Affected Systems

Alloksoft’s Allok AVI DivX MPEG to DVD Converter, version 2.6.1217, is affected. No other versions are presently mentioned. Systems running this exact build are vulnerable.

Risk and Exploitability

The CVSS score of 8.6 indicates high severity. EPSS is not available, so exploitation likelihood is unknown, but the bug allows local arbitrary code execution, giving attackers control on machines where the application runs. The vulnerability is not listed in CISA KEV. Attackers would need local access or an opportunity to deliver a crafted file. The exploit chain requires user interaction to paste the payload into the License Name field, making it a local exploit that could be abused through social engineering or staged installation.

Generated by OpenCVE AI on May 17, 2026 at 13:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest Allok AVI DivX MPEG to DVD Converter release or any known security patch from Alloksoft.
  • If no patch is available, uninstall the application or restrict its use to a non‑admin user account to reduce privilege.
  • Deploy endpoint protection that blocks execution of shellcode or monitors for abnormal SEH chain modifications; alternatively, use application whitelisting to allow only verified binaries.

Generated by OpenCVE AI on May 17, 2026 at 13:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 17 May 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Alloksoft allok Avi Divx Mpeg To Dvd Converter
Vendors & Products Alloksoft allok Avi Divx Mpeg To Dvd Converter

Sun, 17 May 2026 12:30:00 +0000

Type Values Removed Values Added
Description Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a text file with a specially crafted buffer containing shellcode and SEH chain overwrite values, then paste the contents into the License Name field to trigger code execution.
Title Allok AVI DivX MPEG to DVD Converter 2.6.1217 Buffer Overflow SEH
First Time appeared Alloksoft
Alloksoft wmv To Avi Mpeg Dvd Wmv Convertor
Weaknesses CWE-120
CPEs cpe:2.3:a:alloksoft:wmv_to_avi_mpeg_dvd_wmv_convertor:2.6.1217:*:*:*:*:*:*:*
Vendors & Products Alloksoft
Alloksoft wmv To Avi Mpeg Dvd Wmv Convertor
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Alloksoft Allok Avi Divx Mpeg To Dvd Converter Wmv To Avi Mpeg Dvd Wmv Convertor
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-17T12:11:29.779Z

Reserved: 2026-05-17T11:37:53.594Z

Link: CVE-2018-25323

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-17T13:16:43.663

Modified: 2026-05-17T13:16:43.663

Link: CVE-2018-25323

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-17T17:00:08Z

Weaknesses