CVE-2018-25315

HIGH

Alloksoft Video joiner 4.6.1217 Buffer Overflow via License Name

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25315. PoCs published by Mohan Ravichandran and Velayutham Selvaraj.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in Alloksoft Video Joiner 4.6.1217 by crafting a malicious payload that overwrites the SEH handler, leading to arbitrary code execution (calc.exe). The exploit generates a file that, when pasted into the License Name field, triggers the vulnerability.

Description

Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with structured exception handler (SEH) overwrite and shellcode to achieve code execution when the application processes the license registration input.

Exploits (1)

exploitdb WORKING POC

by Mohan Ravichandran and Velayutham Selvaraj · pythonlocalwindows

https://www.exploit-db.com/exploits/44364

View Code ZIP pw:eip

This exploit demonstrates a buffer overflow vulnerability in Alloksoft Video Joiner 4.6.1217 by crafting a malicious payload that overwrites the SEH handler, leading to arbitrary code execution (calc.exe). The exploit generates a file that, when pasted into the License Name field, triggers the vulnerability.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Alloksoft Video Joiner 4.6.1217

No auth needed

Prerequisites: Python 2.7 · Alloksoft Video Joiner 4.6.1217 installed on Windows XP SP3

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 30, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-44364

https://www.exploit-db.com/exploits/44364

Product product

Official Product Homepage

http://www.alloksoft.com

Product product

Product Reference

http://www.alloksoft.com/joiner.htm

Third Party Advisory third-party-advisory

VulnCheck Advisory: Alloksoft Video joiner 4.6.1217 Buffer Overflow via License Name

https://www.vulncheck.com/advisories/alloksoft-video-joiner-buffer-overflow-via-license-name

Scores

CVSS v3 8.4

EPSS 0.0016

EPSS Percentile 5.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-120

Status published

Products (1)

Alloksoft/Video Joiner 4.6.1217

Published Apr 29, 2026

Tracked Since Apr 30, 2026