Description
SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious text file with carefully constructed payload containing junk bytes, SEH chain overwrite, and shellcode, then paste the contents into the Registration Name field via Help > Register to trigger code execution.
Published: 2026-05-25
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow in the registration name field that permits local attackers to execute arbitrary code by overwriting the structured exception handling (SEH) chain. The flaw is a classic example of CWE-121, where unbounded input data can corrupt the stack and redirect execution flow to attacker-supplied shellcode. A malicious user crafts a text file with junk bytes, an SEH overwrite sequence, and shellcode, then pastes it into the Registration Name field through the Help > Register menu, triggering the chain overwrite and code execution on the local machine.

Affected Systems

Only SocuSoft DVD Photo Slideshow Professional version 8.07 is affected; no other versions or vendors are listed in the CNA data.

Risk and Exploitability

The CVSS v4.0 score of 8.6 indicates high severity, but the vulnerability is local in nature and requires the attacker to be able to run the application or have a legitimate user paste the crafted input. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, which suggests a lower likelihood of widespread exploitation at present. However, institutions that rely on this software should consider that a local attacker or a malicious user with some level of privilege could compromise the system by triggering the buffer overflow and gaining arbitrary code execution.

Generated by OpenCVE AI on May 25, 2026 at 15:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any official update or patch that SocuSoft releases for DVD Photo Slideshow Professional to fix the stack buffer overflow.
  • If no patch is available, uninstall or disable the application to eliminate the local attack surface.
  • As a temporary protective measure, enforce system hardening such as DEP and ASLR, and restrict user privileges so that even if the buffer overflow is triggered it cannot reach high‑privilege actions.

Advisories

No advisories yet.

History

Mon, 25 May 2026 14:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious text file with carefully constructed payload containing junk bytes, SEH chain overwrite, and shellcode, then paste the contents into the Registration Name field via Help > Register to trigger code execution. |
| Title | | DVD Photo Slideshow Professional 8.07 Buffer Overflow SEH |
| Weaknesses | | CWE-121 |
| References | | |
| Metrics | | cvssV3_1: {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0: {'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'} |

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-25T14:15:17.927Z

Reserved: 2026-05-25T13:49:00.908Z

Link: CVE-2018-25373

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-25T16:00:14Z

Weaknesses