CVE-2019-25701

EUVD-2019-20133
Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Attackers can input a crafted payload exceeding 996 bytes in the username field to trigger SEH overwrite and execute arbitrary code with user privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Affected Products (NVD)
VendorProductVersion
ether_softwareeasy_video_to_ipod_converter
1.6.20
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.divxtodvd.net/
http://www.divxtodvd.net/easy_video_to_ipod.exe
https://www.exploit-db.com/exploits/46255
https://www.vulncheck.com/advisories/easy-video-to-ipod-converter-local-buffer-overflow-seh