Allok AVI DivX MPEG to DVD Converter Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

A buffer overflow vulnerability has been identified in Allok AVI DivX MPEG to DVD Converter version 2.6.1217. This vulnerability involves a structured exception handler (SEH) overwrite, allowing local attackers to execute arbitrary code. Exploitation requires crafting a text file with a specially designed buffer that includes shellcode and SEH chain overwrite values. The malicious payload can then be pasted into the License Name field to trigger the execution of the injected code.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Reproduction

To reproduce this vulnerability, copy the contents of a text file that includes the crafted buffer with shellcode and SEH overwrite values. Paste this content into the 'License Name' field of the application. The overflow will occur, and the shellcode will be executed, in this case, launching the Windows calculator (calc.exe).