CVE-2018-25373
HighSummary
SocuSoft DVD Photo Slideshow Professional version 8.07 contains a stack-based buffer overflow vulnerability in the registration name field, allowing local attackers to execute arbitrary code by exploiting structured exception handling.
Risk Assessment
Attackers can craft a malicious text file with a carefully constructed payload, posing a serious security threat to the system.
Recommendation
It is recommended to update the software to the latest version to mitigate this vulnerability and restrict access to the registration feature for unauthorized users.
Original NVD description (English source)
SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious text file with carefully constructed payload containing junk bytes, SEH chain overwrite, and shellcode, then paste the contents into the Registration Name field via Help > Register to trigger code execution.

