CVE-2018-25322

HIGH

Allok Fast AVI MPEG Splitter 1.2 Stack Based Buffer Overflow

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25322. PoCs published by Mohan Ravichandran and Velayutham Selvaraj.

AI-analyzed exploit summary This exploit demonstrates a stack-based buffer overflow in Allok Fast AVI MPEG Splitter 1.2 by crafting a malicious input for the License Name field, leading to arbitrary code execution (calc.exe). It uses a SEH overwrite technique with a custom shellcode payload.

Description

Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode and place it in the License Name field to trigger the overflow and execute code with application privileges.

Exploits (1)

exploitdb WORKING POC

by Mohan Ravichandran and Velayutham Selvaraj · pythonlocalwindows

https://www.exploit-db.com/exploits/44341

View Code ZIP pw:eip

This exploit demonstrates a stack-based buffer overflow in Allok Fast AVI MPEG Splitter 1.2 by crafting a malicious input for the License Name field, leading to arbitrary code execution (calc.exe). It uses a SEH overwrite technique with a custom shellcode payload.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Allok Fast AVI MPEG Splitter 1.2

No auth needed

Prerequisites: Allok Fast AVI MPEG Splitter 1.2 installed · Python 2.7 to generate exploit.txt

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed May 17, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-44341

https://www.exploit-db.com/exploits/44341

Product product

Official Product Homepage

http://www.alloksoft.com

Product product

Product Reference

http://www.alloksoft.com/allok_vconverter.exe

Third Party Advisory third-party-advisory

VulnCheck Advisory: Allok Fast AVI MPEG Splitter 1.2 Stack Based Buffer Overflow

https://www.vulncheck.com/advisories/allok-fast-avi-mpeg-splitter-stack-based-buffer-overflow

Scores

CVSS v3 8.4

EPSS 0.0015

EPSS Percentile 4.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-121

Status published

Products (1)

alloksoft/Fast AVI MPEG Splitter 1.2

Published May 17, 2026

Tracked Since May 17, 2026