CVE-2018-25377

Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH

CVSS 8.6 HIGHEPSS 0.2%CWE-120

Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload and paste it into the Name and Code fields of the Help > Register dialog to trigger a reverse shell with system privileges.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

SocuSoft · Flash Slideshow Maker Professional

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/45355unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://flash.dvd-photo-slideshow.com/https://www.exploit-db.com/exploits/45355 https://www.vulncheck.com/advisories/flash-slideshow-maker-professional-buffer-overflow-seh