CVE-2018-25315

HIGH

Alloksoft Video joiner 4.6.1217 Buffer Overflow via License Name

Title source: cna

Description

Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with structured exception handler (SEH) overwrite and shellcode to achieve code execution when the application processes the license registration input.

Exploits (1)

exploitdb WORKING POC

by Mohan Ravichandran and Velayutham Selvaraj · pythonlocalwindows

https://www.exploit-db.com/exploits/44364

View Code ZIP pw:eip

References (4)

[Exploit] https://www.exploit-db.com/exploits/44364

[Product] http://www.alloksoft.com

[Product] http://www.alloksoft.com/joiner.htm

[Third Party Advisory] https://www.vulncheck.com/advisories/alloksoft-video-joiner-buffer-overflow-via-license-name

Scores

CVSS v3 8.4

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-120

Status published

Products (1)

Alloksoft/Video Joiner 4.6.1217

Published Apr 29, 2026

Tracked Since Apr 30, 2026