CVE-2018-25373

DVD Photo Slideshow Professional 8.07 Buffer Overflow SEH

CVSS 8.6 HIGHEPSS 0.2%CWE-121

SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious text file with carefully constructed payload containing junk bytes, SEH chain overwrite, and shellcode, then paste the contents into the Registration Name field via Help > Register to trigger code execution.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

SocuSoft · DVD Photo Slideshow Professional

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/45346unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/45346 https://www.vulncheck.com/advisories/dvd-photo-slideshow-professional-buffer-overflow-seh http://www.dvd-photo-slideshow.com/