Description
Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft malicious input in the Registration Name and Registration Key fields to overwrite the SEH chain and execute shellcode for reverse shell access.
Published: 2026-05-25
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow exists in the registration dialog of SocuSoft 3GP Photo Slideshow 8.05, allowing an attacker who can provide crafted input to the Registration Name and Registration Key fields to overwrite the structured exception handling chain and execute arbitrary code. The vulnerability is a classic stack corruption flaw (CWE‑120) and can be exploited locally to gain complete control of the system, including reverse shell access.

Affected Systems

The affected product is SocuSoft 3GP Photo Slideshow, version 8.05. No other versions are listed as impacted in the available data.

Risk and Exploitability

The CVSS score of 8.6 indicates high severity. The EPSS score is unavailable, and the vulnerability is not listed in CISA’s KEV catalog, suggesting it has not yet been widely observed in the wild. Because the exploit requires local interaction with the registration dialog, the risk to a machine is mitigated if the application is run only by trusted users or is disabled. Nonetheless, if the software is installed and the registration feature is available, an attacker with local access could execute arbitrary commands with the privileges of the user running the program.

Generated by OpenCVE AI on May 25, 2026 at 15:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Search for and apply any SocuSoft patch or update that addresses the SEH overwrite flaw.
  • Restrict or remove local user accounts that have permission to run the application, or disable the registration feature to eliminate the input vector.
  • Uninstall the 3GP Photo Slideshow application from systems where it is not required.
  • Implement application whitelisting on the host to block execution of the vulnerable binary until a patch is available.

Generated by OpenCVE AI on May 25, 2026 at 15:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 25 May 2026 14:30:00 +0000

Type Values Removed Values Added
Description Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft malicious input in the Registration Name and Registration Key fields to overwrite the SEH chain and execute shellcode for reverse shell access.
Title Socusoft 3GP Photo Slideshow 8.05 Buffer Overflow SEH
Weaknesses CWE-120
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-25T14:15:19.972Z

Reserved: 2026-05-25T13:51:42.200Z

Link: CVE-2018-25376

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-25T15:30:06Z

Weaknesses