Description
Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode and place it in the License Name field to trigger the overflow and execute code with application privileges.
Published: 2026-05-17
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Allok Fast AVI MPEG Splitter 1.2 contains a stack‑based buffer overflow that can be triggered by a local attacker supplying a crafted license name string. The overflow is triggered with 780 bytes of filler followed by shellcode, allowing execution of arbitrary code with the application's privileges. If successfully exploited, the attacker can gain complete control of the affected process and potentially compromise system security.

Affected Systems

Alloksoft’s Fast AVI MPEG Splitter version 1.2 is affected. No other vendor or version information is provided.

Risk and Exploitability

The CVSS score of 8.6 indicates high severity for confidentiality, integrity and availability. The EPSS score is not available, so exact exploitation probability cannot be quantified but the vulnerability is likely to be exploitable on systems where the application runs with elevated privileges. It is not listed in the CISA KEV catalog. The vulnerability is local in nature; an attacker must be able to execute the application or otherwise supply a malicious license name. Based on the description, it is inferred that the attack vector is local user input.

Generated by OpenCVE AI on May 17, 2026 at 13:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade or reinstall the latest version of Allok Fast AVI MPEG Splitter that contains the stack‑overflow fix.
  • If an update is unavailable, configure the application to run with the least privilege and disable or limit the License Name field so that untrusted input cannot be supplied.
  • Apply application whitelisting or script blocking to prevent the execution of malicious payloads derived from the overflow vulnerability.

Generated by OpenCVE AI on May 17, 2026 at 13:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 17 May 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Alloksoft
Alloksoft fast Avi Mpeg Splitter
Vendors & Products Alloksoft
Alloksoft fast Avi Mpeg Splitter

Sun, 17 May 2026 12:30:00 +0000

Type Values Removed Values Added
Description Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode and place it in the License Name field to trigger the overflow and execute code with application privileges.
Title Allok Fast AVI MPEG Splitter 1.2 Stack Based Buffer Overflow
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Alloksoft Fast Avi Mpeg Splitter
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-17T12:11:28.960Z

Reserved: 2026-05-17T11:37:38.641Z

Link: CVE-2018-25322

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-17T13:16:43.537

Modified: 2026-05-17T13:16:43.537

Link: CVE-2018-25322

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-17T17:00:11Z

Weaknesses