What is the CVSS score of CVE-2019-25362?

CVE-2019-25362 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of DNS are affected by CVE-2019-25362?

A critical vulnerability in WMV to AVI/MPEG/DVD converter software (versions up to 4.6.1217) allows attackers to execute arbitrary code with a CVSS score of 9.8.

Is there a public PoC exploit available for CVE-2019-25362?

Yes, a public proof-of-concept exploit is available for CVE-2019-25362. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2019-25362?

Within 24 hours: Inventory all systems running WMV To Avi Mpeg Dvd Wmv Convertor and isolate affected machines from production networks if feasible. Within 7 days: Restrict user access to this application, disable the software if business-critical functions can be redirected to alternative tools, and implement strict input validation for media file processing. Within 30 days: Evaluate and migrate to patched alternatives or replacement software; monitor for exploitation attempts and conduct forensic analysis of any suspect systems.

DNS CVE-2019-25362

CRITICAL

Out-of-bounds Write (CWE-787)

2026-02-18 disclosure@vulncheck.com

Buffer Overflow DNS Stack Overflow Wmv To Avi Mpeg Dvd Wmv Convertor

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 27, 2026 - 15:17 vuln.today

Public exploit code

CVE Published

Feb 18, 2026 - 22:16 nvd

CRITICAL 9.8

DescriptionNVD

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a stack-based buffer overflow in the application's input handling.

AnalysisAI

Buffer overflow in WMV to AVI MPEG DVD Convertor 4.6.1217 allows code execution via crafted media files. PoC available.

Technical ContextAI

CWE-787 out-of-bounds write triggered by malicious media file processing.

RemediationAI

Update or replace the converter application.

CVE-2019-25362 vulnerability details – vuln.today

Back

DNS CVE-2019-25362

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code