CVE-2019-25363
CVE-2019-25363
8.4
HighPublished:
Last updated:
Source:disclosure@vulncheck.com
Analyzed
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Local
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- None
- User Interaction
- Active
- Confidentiality (Vulnerable)
- High
- Integrity (Vulnerable)
- High
- Availability (Vulnerable)
- High
- Confidentiality (Subsequent)
- None
- Integrity (Subsequent)
- None
- Availability (Subsequent)
- None
Description
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to crash the application by providing an oversized license input. Attackers can generate a 6000-byte payload and paste it into the 'License Name and License Code' field to trigger an application crash.
References
disclosure@vulncheck.com
https://web.archive.org/web/20190108145533/https://www.alloksoft.com/wmv.htmdisclosure@vulncheck.com
https://www.alloksoft.com/disclosure@vulncheck.com
https://www.exploit-db.com/exploits/47563disclosure@vulncheck.com
https://www.vulncheck.com/advisories/wmv-to-avi-mpeg-dvd-wmv-convertor-denial-of-service