CVE-2018-25315: Alloksoft Video Joiner Buffer Overflow Allows Code Execution

The National Vulnerability Database highlights CVE-2018-25315, a high-severity buffer overflow affecting Alloksoft Video Joiner version 4.6.1217. This vulnerability allows a local attacker to execute arbitrary code by supplying a specially crafted string in the ‘License Name’ field during license registration. The CVSSv3.1 score for this flaw is 8.4, which places it in the High severity band.

Attackers can leverage this by crafting a malicious payload designed for a structured exception handler (SEH) overwrite. When the application attempts to process this input, it triggers the buffer overflow, allowing the attacker to inject and execute their own shellcode. This is a classic local code execution vector, indicating that an attacker would need prior access to the system, but once present, they can escalate privileges or maintain persistence.
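The root cause described above is an unchecked copy of the 'License Name' input into a fixed-size buffer. The following is an added illustration, not Alloksoft's code (the vendor's source is not on this page): a bounded, validating copy routine that rejects oversized input instead of writing past the buffer. `LICENSE_NAME_MAX`, `copy_license_name` and the status codes are hypothetical names chosen for the example.

```c
#include <stddef.h>
#include <string.h>

#define LICENSE_NAME_MAX 64   /* assumed field capacity, including the NUL */

enum license_status { LICENSE_OK = 0, LICENSE_TOO_LONG, LICENSE_BAD_CHAR, LICENSE_BAD_ARG };

/*
 * Unsafe pattern this replaces (hypothetical, shown only as a comment):
 *     char name[LICENSE_NAME_MAX];
 *     strcpy(name, input);   // no length check: long input runs past the
 *                            // buffer into adjacent stack data, such as the
 *                            // exception handler record an SEH overwrite targets
 */

/* Copy a user-supplied license name into a fixed-size buffer.
 * Rejects (rather than truncates) anything that does not fit and
 * refuses bytes outside printable ASCII. dst is left as an empty
 * string on any failure. */
enum license_status copy_license_name(char *dst, size_t dst_size, const char *input)
{
    if (dst == NULL || dst_size == 0 || input == NULL)
        return LICENSE_BAD_ARG;
    dst[0] = '\0';

    /* Bounded length scan: never reads more than dst_size bytes of input. */
    size_t len = 0;
    while (len < dst_size && input[len] != '\0')
        len++;
    if (len == dst_size)            /* no terminator within capacity */
        return LICENSE_TOO_LONG;

    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)input[i];
        if (c < 0x20 || c > 0x7e)
            return LICENSE_BAD_CHAR;
    }

    memcpy(dst, input, len + 1);    /* len + 1 <= dst_size, includes NUL */
    return LICENSE_OK;
}
```

Compiler and OS mitigations such as /GS stack cookies, /SAFESEH and SEHOP make SEH overwrites harder to exploit, but only a length check like this removes the overflow itself.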

While the affected products list isn’t explicitly detailed beyond the specific Alloksoft version, defenders should recognize the broader implications. Such vulnerabilities often exist in legacy or niche software that might fly under the radar during routine patching cycles. The attacker’s calculus here is to exploit systems where this software is installed, likely as a secondary foothold or a means for lateral movement after initial access.

What This Means For You

  • If your organization uses Alloksoft Video Joiner 4.6.1217 or similar older multimedia tools, you need to identify and remove or isolate them immediately. Local code execution vulnerabilities are a significant risk, as they give an attacker a powerful capability to execute malicious code directly on a compromised system. This is not about external-facing systems; it's about what's running *inside* your network.

🛡️ Detection Rules

critical T1204.002 Execution

CVE-2018-25315: Alloksoft Video Joiner License Name Buffer Overflow

Sigma YAML
title: CVE-2018-25315: Alloksoft Video Joiner License Name Buffer Overflow
id: scw-2026-04-29-ai-1
status: experimental
level: critical
description: |
  Detects the execution of Alloksoft Video Joiner 4.6.1217 with a command line argument that suggests license registration, which is the vector for the CVE-2018-25315 buffer overflow vulnerability. This rule specifically targets the vulnerable version and the known exploitation method of supplying a malicious string in the License Name field, leading to potential arbitrary code execution.
author: SCW Feed Engine (AI-generated)
date: 2026-04-29
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2018-25315/
tags:
  - attack.execution
  - attack.t1204.002
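logsource:
  category: process_creation
detection:
  # The advisory describes input through the 'License Name' field; the
  # 'reg_license' command-line token below is not confirmed by it.
  selection:
    Image|endswith:
      - 'Alloksoft Video Joiner 4.6.1217.exe'
    CommandLine|contains:
      - 'reg_license'
  condition: selection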
falsepositives:
  - Legitimate administrative activity

Indicators of Compromise

| ID | Type | Indicator |
|---|---|---|
| CVE-2018-25315 | Buffer Overflow | Alloksoft Video Joiner 4.6.1217 |
| CVE-2018-25315 | RCE | Local attackers can execute arbitrary code via malicious string in 'License Name' field. |
| CVE-2018-25315 | Code Injection | SEH overwrite and shellcode injection during license registration input processing. |

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 29, 2026 at 23:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
