CVE-2018-25211
Published: 26 March 2026
Summary
CVE-2018-25211 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Alloksoft Video Splitter. Its CVSS base score is 7.8 (High).
Operationally, it is ranked at the 7.5th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Requires identification, reporting, and correction of system flaws like the buffer overflow in the License Name field, enabling patching or removal of the vulnerable Allok Video Splitter software.
- Mandates information input validation mechanisms at input points, directly preventing buffer overflows from oversized strings exceeding 780 bytes in the License Name registration field.
- Implements memory protection safeguards such as non-executable memory regions to block arbitrary code execution resulting from the buffer overflow exploit.
NVD Description
Allok Video Splitter 3.1.1217 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service or execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious payload exceeding 780 bytes, paste it into the License Name registration field, and trigger the overflow when the Register button is clicked.
Deeper analysis
Allok Video Splitter 3.1.1217 is affected by CVE-2018-25211, a buffer overflow vulnerability (CWE-787) in the License Name registration field. The issue arises when an oversized string exceeding 780 bytes is supplied, leading to a buffer overflow upon clicking the Register button. This flaw has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high impact potential.
Local attackers can exploit this vulnerability by crafting a malicious payload and pasting it into the License Name field during the registration process, then triggering the overflow by clicking Register. Successful exploitation enables denial of service or arbitrary code execution, though it requires user interaction and local access with no privileges needed.
Advisories and related resources include a VulnCheck advisory detailing the buffer overflow via License Name, an Exploit-DB entry (exploit 44605) providing a proof-of-concept, and the vendor site at alloksoft.com. No specific patch or mitigation details are outlined in the available information.
Details
- CWE(s)