CVE-2018-25314 HIGH

CVE-2018-25314: Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 Buffer Overflow

Vendor Alloksoft
Product WMV to AVI MPEG DVD WMV Converter
Weakness CWE-120
Published April 29, 2026
Last update April 30, 2026

CVSS base score

8.6/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with structured exception handler (SEH) overwrite to bypass protections and execute code with application privileges.

Key dates

02Disclosure timeline

April 29, 2026 CVE published
April 30, 2026 Record updated