Skip to content
Threat Feed
high advisory

Allok Video to DVD Burner Stack-Based Buffer Overflow Vulnerability (CVE-2018-25303)

Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability (CVE-2018-25303) in the License Name field, allowing a local attacker to execute arbitrary code by triggering a structured exception handler (SEH) overwrite.

A stack-based buffer overflow vulnerability exists in Allok Video to DVD Burner version 2.6.1217. This vulnerability, identified as CVE-2018-25303, resides within the “License Name” field of the application. A local attacker can exploit this flaw by crafting a malicious input designed to overwrite the Structured Exception Handler (SEH). Successful exploitation enables the attacker to execute arbitrary code within the context of the application. The vulnerability was reported on 2026-04-29. This is important for defenders because successful exploitation can lead to complete system compromise on vulnerable machines.

Attack Chain

  1. The attacker gains local access to a system with Allok Video to DVD Burner 2.6.1217 installed.
  2. The attacker crafts a malicious input string consisting of 780 bytes of arbitrary data.
  3. The attacker appends SEH chain pointers and shellcode to the crafted input string.
  4. The attacker opens the Allok Video to DVD Burner application and navigates to the registration window.
  5. The attacker pastes the malicious input string into the “License Name” field.
  6. The application attempts to process the oversized input, triggering the buffer overflow.
  7. The SEH is overwritten with the attacker’s controlled pointers.
  8. The shellcode is executed, giving the attacker arbitrary code execution on the system.

Impact

Successful exploitation of this vulnerability allows a local attacker to execute arbitrary code within the context of the Allok Video to DVD Burner application. This could lead to complete system compromise, including data theft, installation of malware, or other malicious activities. The vulnerability affects version 2.6.1217 of the software. The number of potential victims depends on the number of installations of the vulnerable software.

Recommendation

  • Monitor process creations for Allok Video to DVD Burner and unusual child processes using the process creation rule below.
  • Monitor for registry modifications performed by the vulnerable application that may indicate persistence.
  • Due to the age of the application, consider whether it should continue to be used within the environment.

Detection coverage 2

Allok Video to DVD Burner Suspicious Child Process

high

Detects suspicious child processes spawned by Allok Video to DVD Burner which could indicate successful exploitation.

sigma tactics: execution techniques: T1059.001, T1210 sources: process_creation, windows

Allok Video to DVD Burner Registry Modification

medium

Detects registry modifications made by Allok Video to DVD Burner which could indicate persistence.

sigma tactics: persistence techniques: T1210, T1547.001 sources: registry_set, windows

Detection queries are kept inside the platform. Get full rules →