Description
Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with structured exception handler (SEH) overwrite and shellcode to achieve code execution when the application processes the license registration input.
Published: 2026-04-29
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic buffer overflow exploitable through the License Name input field in Alloksoft Video Joiner 4.6.1217. An attacker with local access can supply a malicious string that overflows the buffer, triggers a structured exception handler overwrite, and injects shellcode. Successful exploitation allows the attacker to execute arbitrary code under the privileges of the running process, potentially giving them full control of the affected machine.

Affected Systems

Alloksoft Video Joiner version 4.6.1217 is affected. This is the sole product listed by the CNA, and no other versions are explicitly mentioned as vulnerable in the available information.

Risk and Exploitability

The CVSS score of 8.6 indicates high severity. The vulnerability is not currently tracked in CISA’s KEV catalog, and no EPSS value is provided. The attack is local, meaning an attacker must have prior local access to supply the malicious license name. Because the vulnerability requires interaction with the application and no automated remote exploitation is documented, the likelihood of exploitation in the wild is limited, but that is offset by the high impact of local code execution if an attacker does gain control. Administrators should treat this as a significant risk until remedied.

Generated by OpenCVE AI on April 30, 2026 at 03:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest Alloksoft Video Joiner release that contains the fixed buffer overflow code
  • Restrict installation and execution rights for the application to trusted administrators only
  • Disable or remove the license registration feature if it is not required for business operations


Advisories

No advisories yet.

History

Thu, 30 Apr 2026 13:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 30 Apr 2026 08:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Alloksoft; Alloksoft video Joiner
Vendors & Products | | Alloksoft; Alloksoft video Joiner

Wed, 29 Apr 2026 20:00:00 +0000

Type | Values Removed | Values Added
Description | | Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with structured exception handler (SEH) overwrite and shellcode to achieve code execution when the application processes the license registration input.
Title | | Alloksoft Video joiner 4.6.1217 Buffer Overflow via License Name
Weaknesses | | CWE-120
References | |
Metrics | | cvssV3_1: {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0: {'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-30T13:08:31.520Z

Reserved: 2026-04-29T12:24:34.378Z

Link: CVE-2018-25315

Vulnrichment

Updated: 2026-04-30T13:08:28.160Z

NVD

Status: Deferred

Published: 2026-04-29T20:16:27.363

Modified: 2026-04-29T21:22:20.120

Link: CVE-2018-25315

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T08:20:37Z

Weaknesses