CVE-2020-37184
Allok Soft · Allok Video Converter
Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name field, allowing attackers to execute arbitrary code via SEH handler overwrites.
Executive summary
A stack-based buffer overflow in Allok Video Converter allows an attacker to execute arbitrary system commands by providing a specially crafted payload in the License Name input field.
Vulnerability
This is a stack-based buffer overflow located in the handler for the License Name input field. By supplying a crafted, overlong value, an attacker can overwrite Structured Exception Handler (SEH) records on the stack to gain control of the execution flow and execute arbitrary code.
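As an added illustration of the bug class (not the vendor's code; the 64-byte field limit, the function names and the status codes are assumptions), the hardened shape of a License Name handler: the copy is bounded by the destination buffer, not by the input, so an overlong value is rejected instead of running into the caller's frame where the SEH chain lives.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumed size of the dialog's fixed-size stack buffer (hypothetical). */
#define LICENSE_NAME_MAX 64

enum license_status {
    LICENSE_OK = 0,
    LICENSE_ERR_NULL,
    LICENSE_ERR_TOO_LONG,
    LICENSE_ERR_BAD_CHAR
};

/* The bug class on this page is a fixed-size stack buffer filled with an
 * unbounded strcpy()/sprintf() from the text field. Bytes past the end of
 * the buffer land on saved frame data and, on 32-bit Windows, on the SEH
 * registration records. The fix: validate first, bound by out_size, fail closed. */
enum license_status register_license(const char *name, char *out, size_t out_size)
{
    size_t len, i;

    if (name == NULL || out == NULL || out_size == 0)
        return LICENSE_ERR_NULL;

    /* Scan at most out_size bytes, so an unterminated or overlong input is
     * reported as too long rather than read past its end. */
    for (len = 0; len < out_size && name[len] != '\0'; len++)
        ;
    if (len >= out_size)              /* need room for the terminator */
        return LICENSE_ERR_TOO_LONG;

    /* A licensee name is printable text; raw control bytes are rejected. */
    for (i = 0; i < len; i++)
        if (!isprint((unsigned char)name[i]))
            return LICENSE_ERR_BAD_CHAR;

    memcpy(out, name, len);
    out[len] = '\0';
    return LICENSE_OK;
}

/* What the dialog handler would call, with the field's fixed-size buffer. */
enum license_status validate_license_name(const char *name)
{
    char buf[LICENSE_NAME_MAX];
    return register_license(name, buf, sizeof buf);
}

/* Test helper: a name made of n copies of c, to probe the length boundary. */
enum license_status validate_repeated(char c, size_t n)
{
    char name[256];
    if (n >= sizeof name)
        return LICENSE_ERR_TOO_LONG;
    memset(name, c, n);
    name[n] = '\0';
    return validate_license_name(name);
}
```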
Business impact
Successful exploitation allows for full system compromise on the machine running the software. Given the CVSS score of 9.8, the risk is critical; an attacker could gain a foothold in the corporate network, install persistent malware, or steal sensitive user data.
Remediation
Immediate Action: Discontinue the use of Allok Video Converter version 4.6.1217 and update to the latest available version provided by the vendor.
Proactive Monitoring: Monitor endpoint detection and response (EDR) systems for unusual process spawning from the Allok Video Converter executable.
Compensating Controls: Implement application whitelisting and restrict administrative privileges for end-users to limit the impact of a successful software-based exploit.
Exploitation status
Public Exploit Available: No
Analyst recommendation
Because this vulnerability allows for remote code execution via a simple input field, it is classified as critical. Organizations should immediately identify and update or remove this software from all workstations to mitigate the risk of local privilege escalation or remote compromise.