CVE Catalog

CVE-2018-25373

High
Published: Translated: NVD NIST

Summary

SocuSoft DVD Photo Slideshow Professional version 8.07 contains a stack-based buffer overflow vulnerability in the registration name field, allowing local attackers to execute arbitrary code by exploiting structured exception handling.

Risk Assessment

Attackers can craft a malicious text file with a carefully constructed payload, posing a serious security threat to the system.

Recommendation

It is recommended to update the software to the latest version to mitigate this vulnerability and restrict access to the registration feature for unauthorized users.

Original NVD description (English source)

SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious text file with carefully constructed payload containing junk bytes, SEH chain overwrite, and shellcode, then paste the contents into the Registration Name field via Help > Register to trigger code execution.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS