{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/3gp-photo-slideshow-8.05/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.4,"id":"CVE-2018-25376"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["3GP Photo Slideshow (8.05)"],"_cs_severities":["high"],"_cs_tags":["cve","buffer overflow","seh overwrite","code execution"],"_cs_type":"threat","_cs_vendors":["Socusoft"],"content_html":"\u003cp\u003eSocusoft 3GP Photo Slideshow version 8.05 is vulnerable to a buffer overflow in its registration process. This vulnerability, identified as CVE-2018-25376, allows a local attacker to execute arbitrary code on a vulnerable system. The attack involves crafting malicious input in the Registration Name and Registration Key fields of the registration dialog. By exploiting the Structured Exception Handling (SEH) mechanism, the attacker can overwrite the SEH chain and redirect execution flow to attacker-controlled shellcode, leading to the potential for reverse shell access or other malicious activities. This poses a significant risk as it allows for privilege escalation and complete system compromise on affected machines.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker gains local access to a machine with Socusoft 3GP Photo Slideshow 8.05 installed.\u003c/li\u003e\n\u003cli\u003eThe attacker opens the Socusoft 3GP Photo Slideshow application.\u003c/li\u003e\n\u003cli\u003eThe attacker navigates to the registration dialog within the application.\u003c/li\u003e\n\u003cli\u003eThe attacker enters a specially crafted, oversized string into the Registration Name field.\u003c/li\u003e\n\u003cli\u003eThe attacker enters a specially crafted, oversized string into the Registration Key field. These strings are designed to overwrite the Structured Exception Handler (SEH) record on the stack.\u003c/li\u003e\n\u003cli\u003eThe application attempts to process the registration data, triggering the buffer overflow.\u003c/li\u003e\n\u003cli\u003eThe overwritten SEH record redirects execution to attacker-controlled code (shellcode).\u003c/li\u003e\n\u003cli\u003eThe shellcode executes, granting the attacker a reverse shell or other arbitrary code execution within the context of the application.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability (CVE-2018-25376) allows a local attacker to execute arbitrary code with the privileges of the user running Socusoft 3GP Photo Slideshow 8.05. This can lead to complete system compromise, data theft, or further malicious activities. While the number of affected installations is unknown, the vulnerability poses a significant risk to any system running the vulnerable software.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor process creations for \u003ccode\u003e3GPPhotoSlideshow.exe\u003c/code\u003e spawning unusual child processes or network connections, using a process_creation rule.\u003c/li\u003e\n\u003cli\u003eImplement file integrity monitoring for \u003ccode\u003e3GPPhotoSlideshow.exe\u003c/code\u003e to detect unauthorized modifications to the executable or related files using a file_event rule.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided in this brief to your SIEM to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eConsider uninstalling Socusoft 3GP Photo Slideshow 8.05 if it is not essential, or explore alternative, more secure photo slideshow software.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T14:16:36Z","date_published":"2026-05-26T14:16:36Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2018-25376-socusoft-bo/","summary":"Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability (CVE-2018-25376) in the registration dialog, allowing local attackers to execute arbitrary code by overwriting the SEH chain.","title":"Socusoft 3GP Photo Slideshow v8.05 Buffer Overflow in Registration Dialog (CVE-2018-25376)","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2018-25376-socusoft-bo/"}],"language":"en","title":"CraftedSignal Threat Feed — 3GP Photo Slideshow (8.05)","version":"https://jsonfeed.org/version/1.1"}