Primary

Context

Allok Video Converter Stack Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A stack overflow vulnerability has been identified in Allok Video Converter version 4.6.1217. The issue resides in the License Name input field, where attackers can inject malicious bytecode to overwrite Structured Exception Handling (SEH) handlers. This exploitation allows for the execution of arbitrary code, such as launching system commands. The vulnerability arises from improper input handling, leading to a buffer overflow that can be exploited to execute unauthorized code.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Reproduction

To reproduce this vulnerability, copy the crafted payload into the License Name input field of Allok Video Converter version 4.6.1217. The injected bytecode will overwrite the SEH handlers, enabling the execution of the specified command, such as launching the calculator application.

Added: Feb 11, 2026, 9:47 PM

Updated: Feb 11, 2026, 9:47 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.0

remediation

0.0

relevance

2.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.0

remediation

0.0

relevance

2.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Allok Video Converter Stack Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating