Skip to content
Threat Feed
high advisory

Flash Slideshow Maker Professional 5.20 Buffer Overflow Vulnerability (CVE-2018-25377)

Flash Slideshow Maker Professional 5.20 is vulnerable to a buffer overflow in the registration dialog, allowing local attackers to execute arbitrary code with system privileges by exploiting structured exception handling and crafting a malicious payload for the Name and Code fields.

Flash Slideshow Maker Professional version 5.20 is susceptible to a buffer overflow vulnerability (CVE-2018-25377) within its registration process. This flaw enables a local attacker to execute arbitrary code with elevated system privileges. The vulnerability is triggered via a crafted payload pasted into the “Name” and “Code” fields within the “Help > Register” dialog. Successful exploitation leads to a reverse shell with system privileges, posing a significant risk to affected systems. The advisory was published in May 2026, though the underlying software flaw dates back to 2018.

Attack Chain

  1. The attacker gains local access to a system with Flash Slideshow Maker Professional 5.20 installed.
  2. The attacker crafts a malicious payload designed to exploit a buffer overflow when processed by the application.
  3. The attacker opens the Flash Slideshow Maker Professional application.
  4. The attacker navigates to the “Help > Register” dialog within the application.
  5. The attacker pastes the crafted malicious payload into the “Name” and “Code” fields of the registration dialog.
  6. The attacker triggers the registration process, causing the application to process the malicious payload without proper size validation.
  7. The buffer overflow occurs, overwriting memory and hijacking control flow via structured exception handling (SEH).
  8. The attacker gains a reverse shell with system privileges on the compromised system.

Impact

Successful exploitation of this buffer overflow vulnerability (CVE-2018-25377) allows a local attacker to execute arbitrary code with system-level privileges. This grants the attacker full control over the affected system, enabling them to install malware, steal sensitive data, or perform other malicious activities. This vulnerability poses a significant risk to any system running the affected version of Flash Slideshow Maker Professional 5.20.

Recommendation

  • Apply appropriate input validation to the Name and Code fields.
  • Monitor process creations for suspicious child processes of Flash Slideshow Maker Professional using the process creation rule below.
  • Monitor for unexpected network connections originating from the Flash Slideshow Maker Professional process using the network connection rule below.

Detection coverage 2

Detects CVE-2018-25377 Exploitation Attempt — Suspicious Child Process of Flash Slideshow Maker

high

Detects CVE-2018-25377 exploitation attempt — Monitors for the creation of suspicious child processes from Flash Slideshow Maker Professional, indicating potential code execution.

sigma tactics: execution, privilege_escalation techniques: T1068 sources: process_creation, windows

Detects CVE-2018-25377 Exploitation Attempt — Suspicious Outbound Network Connection from Flash Slideshow Maker

medium

Detects CVE-2018-25377 exploitation attempt — Monitors for outbound network connections from Flash Slideshow Maker Professional, which is not expected behavior.

sigma tactics: command_and_control techniques: T1071.001 sources: network_connection, windows

Detection queries are available on the platform. Get full rules →