DVD Photo Slideshow Professional 8.07 — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/products/dvd-photo-slideshow-professional-8.07/Trending threats, MITRE ATT&CK coverage, and detection metadata. Fed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 26 May 2026 14:15:30 +0000SocuSoft DVD Photo Slideshow Professional Stack-Based Buffer Overflow (CVE-2018-25373)https://feed.craftedsignal.io/briefs/2026-05-dvd-photo-slideshow-overflow/Tue, 26 May 2026 14:15:30 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-dvd-photo-slideshow-overflow/SocuSoft DVD Photo Slideshow Professional 8.07 is vulnerable to a stack-based buffer overflow (CVE-2018-25373) in the registration name field, allowing local attackers to execute arbitrary code by exploiting structured exception handling.SocuSoft DVD Photo Slideshow Professional 8.07 is susceptible to a stack-based buffer overflow vulnerability, identified as CVE-2018-25373. This flaw resides within the registration name field and allows a local attacker to execute arbitrary code. The vulnerability can be exploited by leveraging structured exception handling (SEH) overwrite techniques. A malicious actor can craft a specially designed text file containing junk bytes, an overwritten SEH chain, and shellcode. This crafted payload can then be pasted into the Registration Name field via Help > Register to trigger code execution, thereby compromising the affected system. This vulnerability poses a significant risk, as it enables unauthorized code execution on a local machine.

Attack Chain

  1. Attacker crafts a malicious text file containing a buffer overflow payload.
  2. The payload includes junk bytes to reach the SEH overwrite point.
  3. The payload contains an overwritten SEH chain pointing to attacker-controlled code.
  4. The payload contains shellcode designed to execute arbitrary commands.
  5. The attacker opens the SocuSoft DVD Photo Slideshow Professional application.
  6. The attacker navigates to Help > Register within the application.
  7. The attacker pastes the crafted text file contents into the Registration Name field.
  8. The application attempts to process the oversized input, triggering the buffer overflow and SEH overwrite, leading to the execution of the attacker’s shellcode. The attacker achieves arbitrary code execution on the system.

Impact

Successful exploitation of this vulnerability (CVE-2018-25373) allows a local attacker to execute arbitrary code within the context of the SocuSoft DVD Photo Slideshow Professional application. This could lead to complete system compromise, data theft, or installation of malware. Since the vulnerability is local, an attacker needs prior access to the system. The impact is high due to the potential for complete system compromise.

Recommendation

  • Apply any available patches or updates from SocuSoft to address CVE-2018-25373 if they exist.
  • Monitor process creation events for unexpected processes launched by the DVDPhotoSlideshow.exe application using the provided Sigma rule.
  • Implement restrictions on pasting from the clipboard into applications, where possible, to mitigate the attack vector described.
]]>highadvisorybuffer-overflowcode-executionwindows