Primary

Context

AVS Audio Converter Stack Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A stack overflow vulnerability has been identified in AVS Audio Converter version 9.1.2.600. This vulnerability allows attackers to execute arbitrary code by manipulating the output folder text input. When the 'Browse' button is clicked, the crafted payload overwrites stack memory and triggers a bind shell on port 9999.

Impact

Exploitation of this vulnerability allows for arbitrary code execution with the privileges of the user running AVS Audio Converter.

Reproduction

To reproduce this vulnerability, first download and install AVS Audio Converter 9.1.2.600. After installation, open the application and locate the output folder text box. Copy a payload that exploits the buffer overflow vulnerability into this text box. When the 'Browse' button is clicked, the application will freeze, and a bind shell will be opened on port 9999.

Added: Feb 12, 2026, 11:33 PM

Updated: Feb 12, 2026, 11:33 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.0

remediation

0.0

relevance

2.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.0

remediation

0.0

relevance

2.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

AVS Audio Converter Stack Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Reproduction

Affected Products

AVS Audio Converter

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating