If you have old DVD-burning software sitting quietly on your Windows PC — software you maybe installed years ago and forgot about — there's a real chance a bad actor with brief access to your machine could use it to completely take over your system.
Who's at Risk, and Why It Matters Now
Allok Video to DVD Burner, version 2.6.1217, is a once-popular piece of utility software that millions of home users and small businesses downloaded during the DVD-burning boom of the mid-2000s and early 2010s. Software like this has a long tail: it gets installed, it does its job, and then it gets forgotten — sitting silently on hard drives in homes, offices, schools, and libraries around the world. Security researchers have now confirmed a serious vulnerability in this software, assigned the identifier CVE-2018-25303, carrying a CVSS severity score of 8.4 out of 10 (HIGH).
The people most at risk are anyone who installed this software and never uninstalled it — a group that could number in the hundreds of thousands globally. Because the flaw requires local access to exploit, the highest-risk scenarios involve shared computers: office workstations, family PCs, library terminals, or any machine where more than one person logs in. If you work somewhere with shared computers and relaxed software policies, this one deserves your attention today.
What Can an Attacker Actually Do?
Here's the scenario, told plainly: imagine a coworker, a visiting technician, or anyone who can briefly sit down at your computer. They open Allok Video to DVD Burner and navigate to the software's registration screen — the window where you'd normally type your name and license key to "unlock" the full version. Instead of a real name, they paste in a specially crafted string of text. That string looks like gibberish to a human, but to the software it's a loaded weapon.
The program's registration field has no meaningful limit on how much text it will accept. When the attacker pastes in their malicious string, the software tries to process it and runs out of room — like trying to pour a gallon of water into a coffee cup. The overflow spills into adjacent areas of the computer's memory, areas the software was supposed to use to track what it was doing next. The attacker's crafted input replaces those instructions with their own. Suddenly the software isn't running its own code anymore — it's running whatever the attacker told it to run. That could mean stealing files, installing hidden surveillance tools, creating a secret backdoor account, or anything else a piece of malicious software might do.
The most unsettling part? The entire attack can happen in seconds. There's no suspicious file to download, no warning prompt to click through. It's a few keystrokes in a registration dialog box, and the machine is compromised.
The Technical Detail Security Researchers Need to Know
For the security professionals in the room: this is a stack-based buffer overflow via a Structured Exception Handler (SEH) overwrite in the License Name input field. The attack requires crafting an input string of approximately 780 bytes of padding followed by SEH chain pointers and arbitrary shellcode. Because SEH-based overflows bypass some traditional stack-protection mechanisms by hijacking the exception-handling chain rather than the return address directly, standard stack canaries alone are insufficient mitigation. The vulnerability class is well-understood, but its presence in software still actively residing on endpoints makes it a meaningful lateral movement or privilege escalation opportunity in the right environment. CVSS 8.4 (HIGH) reflects the severity of arbitrary code execution, offset slightly by the local-access prerequisite.
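As an added example (not from the article and not Allok Software's code), the PowerShell below audits the two host-level mitigations that bear directly on an SEH-overwrite overflow: SEHOP (Structured Exception Handler Overwrite Protection), which validates the exception-handler chain before Windows walks it, and DEP, which blocks execution of code placed on the stack. It uses the ProcessMitigations cmdlets that ship with Windows 10 1709 and later. The page does not name the product's executable, so `$TargetExe` is a placeholder, and the `.SEHOP.Enable` / `.DEP.Enable` property paths are assumed from the cmdlet's output object.

```powershell
# Added example: report (and optionally enforce) the exploit mitigations relevant to a
# stack-based SEH overwrite. Not part of the original article.
# Requires Windows 10 1709+ (ProcessMitigations module); Set-ProcessMitigation needs an
# elevated prompt.
param(
    # Placeholder: the article does not give the product's executable name.
    [string]$TargetExe = 'ALLOK_EXE_PLACEHOLDER.exe',
    [switch]$Enforce   # when set, force SEHOP and DEP on for $TargetExe
)

function Get-SehMitigationReport {
    param([string]$ProcessName)

    # System-wide defaults apply to every image without a per-image override.
    $sys  = Get-ProcessMitigation -System
    $rows = @([pscustomobject]@{
        Scope = 'System default'
        SEHOP = $sys.SEHOP.Enable   # ON / OFF / NOTSET (assumed property path)
        DEP   = $sys.DEP.Enable
    })

    # Per-image settings live under Image File Execution Options; no entry simply
    # means the system default applies to that image.
    try {
        $app = Get-ProcessMitigation -Name $ProcessName -ErrorAction Stop
        $rows += [pscustomobject]@{
            Scope = $ProcessName
            SEHOP = $app.SEHOP.Enable
            DEP   = $app.DEP.Enable
        }
    } catch {
        Write-Verbose "No per-image mitigation entry for $ProcessName; system defaults apply."
    }
    $rows
}

$report = Get-SehMitigationReport -ProcessName $TargetExe
$report | Format-Table -AutoSize

# The risky state for a legacy 32-bit image: SEHOP not forced on, so an overwritten
# handler pointer is followed without validation.
$weak = $report | Where-Object { $_.SEHOP -ne 'ON' }
if ($weak) {
    Write-Warning "SEHOP is not enforced for: $($weak.Scope -join ', ')"
    if ($Enforce) {
        # Turns on handler-chain validation and a non-executable stack for this image only.
        Set-ProcessMitigation -Name $TargetExe -Enable SEHOP, DEP
    }
}
```

Run it once to see the current state and again with `-Enforce` from an elevated prompt to pin the mitigations to the image. These settings reduce what a successful overflow can do; they do not remove the overflow itself, which is why the article's remediation is still uninstallation.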
Has Anyone Been Attacked Yet?
As of publication, there is no confirmed evidence of this vulnerability being actively exploited in the wild. The CVE was formally catalogued relatively recently despite the software's age, which is itself a reminder of how long unpatched legacy software can fly under the radar before someone looks closely at it. No specific threat actor groups or malware campaigns have been publicly linked to CVE-2018-25303 at this time.
The vulnerability's discovery follows a familiar pattern in the security research community: researchers auditing older, abandoned utility software and finding that the attack surface never went away just because the software stopped being updated. Allok Software has not released a patch, and given the age and apparent abandonment of the product, one is unlikely to come. The only real fix is removal.
⚠️ No patch exists for this vulnerability. The vendor has not issued a fix. Uninstalling the software is the only reliable remediation.
What You Should Do Right Now
Follow these three steps, in order:
- Search for and uninstall Allok Video to DVD Burner version 2.6.1217 immediately.
  On Windows, go to Settings → Apps → Installed Apps (Windows 11) or Control Panel → Programs and Features (Windows 10 and earlier) and search for "Allok." If you find it, uninstall it now. There is no patched version to update to — removal is the only safe option. IT administrators should run a software inventory scan across all endpoints using tools like Microsoft Endpoint Manager, Lansweeper, or a comparable asset management platform to identify any installations across the organization.
- Audit shared and legacy computers for forgotten software using a free tool like Belarc Advisor or Sysinternals Autoruns.
  Old utility software is often installed and forgotten, especially on machines used by multiple people. Running a full installed-software audit takes less than ten minutes and can surface other forgotten, unpatched applications that represent similar risks. For enterprises, prioritize workstations that allow non-administrator users to run arbitrary software.
- Enforce a software allowlist or application control policy to prevent unauthorized software execution going forward.
  Windows environments can use Windows Defender Application Control (WDAC) or AppLocker (available in Windows 10/11 Pro and Enterprise) to restrict which applications can run. This won't fix the past, but it closes the door on this entire class of "forgotten software" vulnerabilities. At minimum, review and enforce a policy that requires IT approval before any software is installed on shared or business-critical machines.
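For administrators who need to do the first two steps across many machines rather than by hand, here is an added PowerShell example (not from the article and not a vendor tool) that reads the standard Windows Uninstall registry keys on one or more endpoints, reports any Allok entry, flags the affected version, and optionally runs the registered uninstall command. It assumes the product registered itself under those keys with a DisplayName containing "Allok" (the exact DisplayName is not given on the page) and that WinRM is enabled for remote hosts; the installer's silent-uninstall switches are not documented on the page, so the uninstaller is run interactively.

```powershell
# Added example: inventory (and optionally remove) Allok Video to DVD Burner installs
# via the Uninstall registry keys. Not part of the original article.
# Usage: .\Find-Allok.ps1                          (local machine, report only)
#        .\Find-Allok.ps1 -ComputerName pc1,pc2    (remote via WinRM)
#        .\Find-Allok.ps1 -Uninstall               (run the registered uninstaller)
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    [switch]$Uninstall
)

# 64-bit, 32-bit (WOW6432Node) and per-user installs all register here.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$NamePattern     = '*Allok*'      # assumed DisplayName match; adjust if your inventory shows otherwise
$AffectedVersion = '2.6.1217'     # version named in the article

$scriptBlock = {
    param($Keys, $Pattern, $Version, $DoUninstall)
    Get-ItemProperty -Path $Keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $Pattern } |
        ForEach-Object {
            $entry = [pscustomobject]@{
                Computer        = $env:COMPUTERNAME
                DisplayName     = $_.DisplayName
                DisplayVersion  = $_.DisplayVersion
                InstallLocation = $_.InstallLocation
                UninstallString = $_.UninstallString
                Affected        = ($_.DisplayVersion -eq $Version)
            }
            if ($DoUninstall -and $entry.UninstallString) {
                # Run the installer's own registered uninstall command and wait for it.
                # Silent switches vary by installer and are not on the page, so this is interactive.
                Start-Process -FilePath 'cmd.exe' -ArgumentList '/c', $entry.UninstallString -Wait
            }
            $entry
        }
}

$results = foreach ($c in $ComputerName) {
    if ($c -eq $env:COMPUTERNAME) {
        & $scriptBlock $UninstallKeys $NamePattern $AffectedVersion $Uninstall.IsPresent
    } else {
        Invoke-Command -ComputerName $c -ScriptBlock $scriptBlock `
            -ArgumentList $UninstallKeys, $NamePattern, $AffectedVersion, $Uninstall.IsPresent
    }
}

if (-not $results) {
    Write-Host "No Allok entries found on: $($ComputerName -join ', ')"
} else {
    $results | Format-Table Computer, DisplayName, DisplayVersion, Affected, InstallLocation -AutoSize
}
```

Because the script only reads the Uninstall keys, it will miss a copy that was extracted or copied onto disk without an installer; pair it with the Autoruns or Belarc sweep from the second step for those cases.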
The Bigger Picture
CVE-2018-25303 is not a headline-grabbing zero-day exploited by nation-state hackers. It's something arguably more insidious: a quiet, forgotten vulnerability sitting on millions of machines, waiting. The lesson here isn't specific to one DVD-burning program. It's about the hidden danger of software sprawl — the accumulated weight of every utility, trial program, and one-time tool that ever got installed and never got removed.
Every piece of software on your computer is a potential entry point. The ones that haven't been updated in years are the ones most worth worrying about. Take twenty minutes today to look at what's actually installed on your machines. You might be surprised what you find.
CVE: CVE-2018-25303 | CVSS Score: 8.4 (HIGH) | Affected Software: Allok Video to DVD Burner 2.6.1217 | Patch Status: No patch available — uninstall recommended | Active Exploitation: None confirmed at time of publication