Buffer Overflow in Allok AVI DivX MPEG to DVD Converter by Allok Soft
CVE-2018-25323

8.6HIGH

Key Information:

Vendor: Alloksoft
Status: Allok Avi Divx Mpeg To Dvd Converter
Vendor: CVE Published:; 17 May 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2018-25323?

Allok AVI DivX MPEG to DVD Converter 2.6.1217 is susceptible to a structured exception handler (SEH) buffer overflow, enabling local attackers to execute arbitrary code. This vulnerability arises when a malicious user crafts a text file containing a specially formatted buffer, along with shellcode and SEH chain overwrite values, and inputs it into the License Name field. Upon execution, this can lead to unauthorized code execution, posing a significant risk to the integrity and security of the user's system.

Affected Version(s)

Allok AVI DivX MPEG to DVD Converter 2.6.1217

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2018-25323 - Proof of Concept

References

https://www.exploit-db.com/exploits/44363

exploit

https://www.vulncheck.com/advisories/allok-avi-divx-mpeg-...

third-party-advisory

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 17, 2026
👾
Exploit known to exist
May 17, 2026
Vulnerability published
May 17, 2026
Vulnerability Reserved
May 17, 2026

Credit

wetw0rk

CVE-2018-25323 Data

JSON

Alloksoft

Badges

What is CVE-2018-25323?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit