{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/fast-avi-mpeg-splitter-1.2/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.4,"id":"CVE-2018-25322"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Fast AVI MPEG Splitter 1.2"],"_cs_severities":["high"],"_cs_tags":["buffer-overflow","stack-overflow","cve-2018-25322"],"_cs_type":"advisory","_cs_vendors":["Allok"],"content_html":"\u003cp\u003eAllok Fast AVI MPEG Splitter 1.2 is susceptible to a stack-based buffer overflow vulnerability identified as CVE-2018-25322. This flaw enables a local attacker to inject and execute arbitrary code on the system. The attack involves supplying a specially crafted license name string to the application. The crafted string consists of approximately 780 bytes of junk data followed by structured shellcode and is entered into the License Name field. Successful exploitation of this vulnerability grants the attacker the ability to execute code with the same privileges as the application. 
This vulnerability matters because successful exploitation could allow attackers to gain unauthorized control over the system and perform malicious activities.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious payload containing 780 bytes of junk data followed by shellcode.\u003c/li\u003e\n\u003cli\u003eAttacker launches Allok Fast AVI MPEG Splitter 1.2.\u003c/li\u003e\n\u003cli\u003eAttacker navigates to the license registration or activation section of the software.\u003c/li\u003e\n\u003cli\u003eAttacker enters the crafted payload into the License Name field.\u003c/li\u003e\n\u003cli\u003eThe application attempts to copy the supplied license name string into a fixed-size buffer on the stack without proper bounds checking.\u003c/li\u003e\n\u003cli\u003eThe oversized payload overflows the buffer, overwriting adjacent memory regions on the stack.\u003c/li\u003e\n\u003cli\u003eThe overwritten memory includes the return address, which is replaced with the address of the attacker\u0026rsquo;s shellcode.\u003c/li\u003e\n\u003cli\u003eWhen the function returns, execution jumps to the attacker-controlled shellcode, enabling arbitrary code execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2018-25322 allows a local attacker to execute arbitrary code with the privileges of the Allok Fast AVI MPEG Splitter 1.2 application. This could lead to complete system compromise, data theft, or the installation of malware. 
The lack of information regarding the number of potential victims or specific sectors targeted makes it difficult to quantify the impact precisely, but the potential for significant harm is evident.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eConsider uninstalling Allok Fast AVI MPEG Splitter 1.2 if it is not essential, due to the unpatched nature of CVE-2018-25322.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Allok Fast AVI MPEG Splitter Buffer Overflow Attempt\u0026rdquo; to identify potential exploitation attempts by monitoring process creations with license names containing excessive data.\u003c/li\u003e\n\u003cli\u003eMonitor for unusual process executions originating from the Allok Fast AVI MPEG Splitter 1.2 process to detect potential code execution.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-17T13:18:17Z","date_published":"2026-05-17T13:18:17Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2018-25322-allok-splitter-overflow/","summary":"Allok Fast AVI MPEG Splitter 1.2 is vulnerable to a stack-based buffer overflow, allowing local attackers to execute arbitrary code by providing a malicious license name string containing a crafted payload, leading to code execution with application privileges.","title":"CVE-2018-25322 - Allok Fast AVI MPEG Splitter Stack Buffer Overflow","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2018-25322-allok-splitter-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — Fast AVI MPEG Splitter 1.2","version":"https://jsonfeed.org/version/1.1"}