← back
CVE-2018-25315

Alloksoft Video joiner 4.6.1217 Buffer Overflow via License Name

CVSS 8.6 HIGHEPSS 0.2%CWE-120
Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with structured exception handler (SEH) overwrite and shellcode to achieve code execution when the application processes the license registration input.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Alloksoft · Video Joiner
public PoCs found1
cve_referencewww.exploit-db.com/exploits/44364unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/44364https://www.vulncheck.com/advisories/alloksoft-video-joiner-buffer-overflow-via-license-namehttp://www.alloksoft.comhttp://www.alloksoft.com/joiner.htm