CVE-2019-25362 — CRITICAL (9.8)

Vulnerability Description

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a stack-based buffer overflow in the application's input handling.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Alloksoft	Wmv To Avi Mpeg Dvd Wmv Convertor	4.6.1217

Related Weaknesses (CWE)

CWE-787

References

https://www.alloksoft.com/Not ApplicableURL Repurposed
https://www.alloksoft.com/wmv.htmNot ApplicableURL Repurposed
https://www.exploit-db.com/exploits/47563ExploitVDB Entry
https://www.exploit-db.com/exploits/47568ExploitVDB Entry
https://www.vulncheck.com/advisories/wmv-to-avi-mpeg-dvd-wmv-convertor-buffer-ovThird Party Advisory

FAQ

What is CVE-2019-25362?

CVE-2019-25362 is a vulnerability with a CVSS score of 9.8 (CRITICAL). WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers c...

How severe is CVE-2019-25362?

CVE-2019-25362 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-25362?

Check the references section above for vendor advisories and patch information. Affected products include: Alloksoft Wmv To Avi Mpeg Dvd Wmv Convertor.