Allok AVI to DVD SVCD VCD Converter Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A buffer overflow vulnerability has been identified in Allok AVI to DVD SVCD VCD Converter version 4.0.1217. This vulnerability is a structured exception handling (SEH) based buffer overflow, allowing local attackers to execute arbitrary code. The issue arises when a malicious string is entered in the License Name field. Attackers can create a payload consisting of junk data, a bypass for the non-seh, the address of the SEH handler, and shellcode. When this crafted payload is pasted into the License Name field and the Register button is clicked, the overflow is triggered, leading to code execution.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the affected system.
Reproduction
To reproduce this vulnerability, first download and install Allok AVI to DVD SVCD VCD Converter version 4.0.1217. Then, run the provided Python exploit code, which creates a file named 'Evil.txt' containing the crafted payload. Open Allok AVI to DVD SVCD VCD Converter and paste the contents of 'Evil.txt' into the License Name field. Finally, click the Register button to trigger the buffer overflow and execute the injected code.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.