CVE-2017-8367

Exp

Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD Creator, Easy MPEG/AVI/DIVX/WMV/RM to DVD, Easy Avi/Divx/Xvid to DVD Burner, Easy MPEG to DVD Burner, Easy WMV/ASF/ASX to DVD Burner, Easy RM RMVB to DVD Burner, Easy CD DVD Copy, MP3/AVI/MPEG/WMV/RM to Audio CD Burner, MP3/WAV/OGG/WMA/AC3 to CD Burner, MP3 WAV to CD Burner, My Video Converter, Easy AVI DivX Converter, Easy Video to iPod Converter, Easy Video to PSP Converter, Easy Video to 3GP Converter, Easy Video to MP4 Converter, and Easy Video to iPod/MP4/PSP/3GP Converter allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long username.

Published: 2017-04-30 Last update: 2026-05-13 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2017-8367 is rated Exploit Available (50.3/100): CVSS High severity, with low exploitation likelihood (EPSS 0.11%). 1 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2017-8367

EDB-ID Source Kind Published Link
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2017-8367

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-03-30 5.08% 0.11% -4.98%
2 2025-03-29 0.11% 5.08% +4.98%
3 2025-03-28 0.11%

Full EPSS history (11 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2017-8367

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.8 3.0 HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 1.8 5.9 [email protected]
4.6 2.0 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:L)
Requires local access to the target system.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
 3.9 6.4 [email protected]

Weakness enumeration for CVE-2017-8367

Affected software / configurations for CVE-2017-8367

Vendor Product Version Raw CPE
ether_software easy_avi\/divx\/xvid_to_dvd_burner cpe:2.3:a:ether_software:easy_avi\/divx\/xvid_to_dvd_burner:-:*:*:*:*:*:*:*
ether_software easy_avi_divx_converter cpe:2.3:a:ether_software:easy_avi_divx_converter:-:*:*:*:*:*:*:*
ether_software easy_cd_dvd_copy cpe:2.3:a:ether_software:easy_cd_dvd_copy:-:*:*:*:*:*:*:*
ether_software easy_dvd_creator cpe:2.3:a:ether_software:easy_dvd_creator:-:*:*:*:*:*:*:*
ether_software easy_mov_converter cpe:2.3:a:ether_software:easy_mov_converter:-:*:*:*:*:*:*:*
ether_software easy_mov_converter 1.4.24 cpe:2.3:a:ether_software:easy_mov_converter:1.4.24:*:*:*:*:*:*:*
ether_software easy_mpeg\/avi\/divx\/wmv\/rm_to_dvd cpe:2.3:a:ether_software:easy_mpeg\/avi\/divx\/wmv\/rm_to_dvd:-:*:*:*:*:*:*:*
ether_software easy_mpeg_to_dvd_burner cpe:2.3:a:ether_software:easy_mpeg_to_dvd_burner:-:*:*:*:*:*:*:*
ether_software easy_rm_rmvb_to_dvd_burner cpe:2.3:a:ether_software:easy_rm_rmvb_to_dvd_burner:-:*:*:*:*:*:*:*
ether_software easy_video_to_3gp_converter cpe:2.3:a:ether_software:easy_video_to_3gp_converter:-:*:*:*:*:*:*:*
ether_software easy_video_to_ipod\/mp4\/psp\/3gp_converter cpe:2.3:a:ether_software:easy_video_to_ipod\/mp4\/psp\/3gp_converter:-:*:*:*:*:*:*:*
ether_software easy_video_to_ipod_converter cpe:2.3:a:ether_software:easy_video_to_ipod_converter:-:*:*:*:*:*:*:*
ether_software easy_video_to_mp4_converter cpe:2.3:a:ether_software:easy_video_to_mp4_converter:-:*:*:*:*:*:*:*
ether_software easy_video_to_psp_converter cpe:2.3:a:ether_software:easy_video_to_psp_converter:-:*:*:*:*:*:*:*
ether_software easy_wmv\/asf\/asx_to_dvd_burner cpe:2.3:a:ether_software:easy_wmv\/asf\/asx_to_dvd_burner:-:*:*:*:*:*:*:*
ether_software mp3\/avi\/mpeg\/wmv\/rm_to_audio_cd_burner cpe:2.3:a:ether_software:mp3\/avi\/mpeg\/wmv\/rm_to_audio_cd_burner:-:*:*:*:*:*:*:*
ether_software mp3\/wav\/ogg\/wma\/ac3_to_cd_burner cpe:2.3:a:ether_software:mp3\/wav\/ogg\/wma\/ac3_to_cd_burner:-:*:*:*:*:*:*:*
ether_software mp3_wav_to_cd_burner cpe:2.3:a:ether_software:mp3_wav_to_cd_burner:-:*:*:*:*:*:*:*
ether_software my_video_converter cpe:2.3:a:ether_software:my_video_converter:-:*:*:*:*:*:*:*

References for CVE-2017-8367

cvelogic Threat Intelligence