CVE-2018-25211
Published: 26 March 2026
Summary
CVE-2018-25211 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Alloksoft Video Splitter. Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 17.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
Allok Video Splitter 3.1.1217 is affected by CVE-2018-25211, a buffer overflow vulnerability (CWE-787) in the License Name registration field. The issue arises when an oversized string exceeding 780 bytes is supplied, leading to a buffer overflow upon clicking the Register button. This flaw has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high impact potential.
Local attackers can exploit this vulnerability by crafting a malicious payload and pasting it into the License Name field during the registration process, then triggering the overflow by clicking Register. Successful exploitation enables denial of service or arbitrary code execution, though it requires user interaction and local access with no privileges needed.
Advisories and related resources include a Vulncheck advisory detailing the buffer overflow via License Name, an Exploit-DB entry (exploit 44605) providing a proof-of-concept, and the vendor site at alloksoft.com. No specific patch or mitigation details are outlined in the available information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-21680
Vulnerability details
Allok Video Splitter 3.1.1217 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service or execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious payload exceeding…
more
780 bytes, paste it into the License Name registration field, and trigger the overflow when the Register button is clicked.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in local client application enables arbitrary code execution via crafted user input, directly mapping to exploitation of client software for code execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires identification, reporting, and correction of system flaws like the buffer overflow in the License Name field, enabling patching or removal of the vulnerable Allok Video Splitter software.
Mandates information input validation mechanisms at input points, directly preventing buffer overflows from oversized strings exceeding 780 bytes in the License Name registration field.
Implements memory protection safeguards such as non-executable memory regions to block arbitrary code execution resulting from the buffer overflow exploit.