Skip to content
Threat Feed
high advisory

Alloksoft Video Joiner Buffer Overflow Vulnerability (CVE-2018-25315)

Alloksoft Video Joiner 4.6.1217 is vulnerable to a local buffer overflow (CVE-2018-25315) allowing attackers to execute arbitrary code via a crafted license name.

Alloksoft Video Joiner version 4.6.1217 is susceptible to a buffer overflow vulnerability (CVE-2018-25315). This vulnerability allows a local attacker to execute arbitrary code on a vulnerable system. The attack involves crafting a malicious string and supplying it to the “License Name” field of the application during registration. Exploitation occurs due to the application’s failure to properly validate the length of the input, allowing a buffer overflow to occur. The attacker leverages Structured Exception Handler (SEH) overwrite and injects shellcode to gain code execution in the context of the application. This vulnerability was reported in April 2026.

Attack Chain

  1. The attacker gains local access to a system with Alloksoft Video Joiner 4.6.1217 installed.
  2. The attacker identifies the “License Name” field within the application’s registration process as a potential vulnerability point.
  3. The attacker crafts a malicious string that exceeds the expected buffer size for the “License Name” field.
  4. The malicious string includes an SEH overwrite payload, redirecting execution flow to the attacker’s controlled memory.
  5. The crafted string also contains shellcode designed to perform arbitrary code execution.
  6. The attacker inputs the malicious string into the “License Name” field and submits the registration form.
  7. The application attempts to process the oversized string, triggering a buffer overflow.
  8. The SEH overwrite redirects execution to the injected shellcode, granting the attacker arbitrary code execution within the context of the Alloksoft Video Joiner process.

Impact

Successful exploitation of this buffer overflow vulnerability allows a local attacker to execute arbitrary code with the privileges of the Alloksoft Video Joiner application. This could lead to complete system compromise, data theft, or installation of malware. While the specific number of affected users is unknown, any system running the vulnerable version of the software is at risk.

Recommendation

  • Monitor process creations for VideoJoiner.exe spawning unusual child processes, indicative of code execution stemming from the overflow.
  • Consider deploying network egress rules to block connections originating from VideoJoiner.exe to external IPs to prevent command and control.
  • Implement application control policies to prevent the execution of unsigned or untrusted code within the context of VideoJoiner.exe.

Detection coverage 2

Alloksoft Video Joiner Suspicious Child Process

high

Detects suspicious child processes spawned by Alloksoft Video Joiner, indicating potential code execution from a buffer overflow.

sigma tactics: execution techniques: T1059.001 sources: process_creation, windows

Alloksoft Video Joiner Outbound Network Connection

medium

Detects outbound network connections initiated by Alloksoft Video Joiner, which is unusual behavior and may indicate command and control.

sigma tactics: command_and_control techniques: T1071.001 sources: network_connection, windows

Detection queries are kept inside the platform. Get full rules →