{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/socusoft/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.4,"id":"CVE-2018-25376"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["3GP Photo Slideshow (8.05)"],"_cs_severities":["high"],"_cs_tags":["cve","buffer overflow","seh overwrite","code execution"],"_cs_type":"threat","_cs_vendors":["Socusoft"],"content_html":"\u003cp\u003eSocusoft 3GP Photo Slideshow version 8.05 is vulnerable to a buffer overflow in its registration process. This vulnerability, identified as CVE-2018-25376, allows a local attacker to execute arbitrary code on a vulnerable system. The attack involves crafting malicious input in the Registration Name and Registration Key fields of the registration dialog. By exploiting the Structured Exception Handling (SEH) mechanism, the attacker can overwrite the SEH chain and redirect execution flow to attacker-controlled shellcode, leading to the potential for reverse shell access or other malicious activities. This poses a significant risk as it allows for privilege escalation and complete system compromise on affected machines.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker gains local access to a machine with Socusoft 3GP Photo Slideshow 8.05 installed.\u003c/li\u003e\n\u003cli\u003eThe attacker opens the Socusoft 3GP Photo Slideshow application.\u003c/li\u003e\n\u003cli\u003eThe attacker navigates to the registration dialog within the application.\u003c/li\u003e\n\u003cli\u003eThe attacker enters a specially crafted, oversized string into the Registration Name field.\u003c/li\u003e\n\u003cli\u003eThe attacker enters a specially crafted, oversized string into the Registration Key field. These strings are designed to overwrite the Structured Exception Handler (SEH) record on the stack.\u003c/li\u003e\n\u003cli\u003eThe application attempts to process the registration data, triggering the buffer overflow.\u003c/li\u003e\n\u003cli\u003eThe overwritten SEH record redirects execution to attacker-controlled code (shellcode).\u003c/li\u003e\n\u003cli\u003eThe shellcode executes, granting the attacker a reverse shell or other arbitrary code execution within the context of the application.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability (CVE-2018-25376) allows a local attacker to execute arbitrary code with the privileges of the user running Socusoft 3GP Photo Slideshow 8.05. This can lead to complete system compromise, data theft, or further malicious activities. While the number of affected installations is unknown, the vulnerability poses a significant risk to any system running the vulnerable software.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor process creations for \u003ccode\u003e3GPPhotoSlideshow.exe\u003c/code\u003e spawning unusual child processes or network connections, using a process_creation rule.\u003c/li\u003e\n\u003cli\u003eImplement file integrity monitoring for \u003ccode\u003e3GPPhotoSlideshow.exe\u003c/code\u003e to detect unauthorized modifications to the executable or related files using a file_event rule.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided in this brief to your SIEM to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eConsider uninstalling Socusoft 3GP Photo Slideshow 8.05 if it is not essential, or explore alternative, more secure photo slideshow software.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T14:16:36Z","date_published":"2026-05-26T14:16:36Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2018-25376-socusoft-bo/","summary":"Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability (CVE-2018-25376) in the registration dialog, allowing local attackers to execute arbitrary code by overwriting the SEH chain.","title":"Socusoft 3GP Photo Slideshow v8.05 Buffer Overflow in Registration Dialog (CVE-2018-25376)","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2018-25376-socusoft-bo/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.4,"id":"CVE-2018-25375"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["iPod Photo Slideshow (8.05)"],"_cs_severities":["high"],"_cs_tags":["buffer-overflow","cve-2018-25375","local-privilege-escalation"],"_cs_type":"advisory","_cs_vendors":["SocuSoft"],"content_html":"\u003cp\u003eCVE-2018-25375 identifies a critical stack-based buffer overflow vulnerability affecting SocuSoft iPod Photo Slideshow version 8.05. This vulnerability resides within the registration dialog of the software. A local attacker can exploit this flaw by providing specially crafted input to the \u0026ldquo;Registration Name\u0026rdquo; and \u0026ldquo;Registration Key\u0026rdquo; fields. Successfully exploiting this buffer overflow allows the attacker to overwrite the structured exception handler (SEH), leading to arbitrary code execution with the privileges of the currently logged-in user. This can lead to a full system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains local access to a Windows system with SocuSoft iPod Photo Slideshow 8.05 installed.\u003c/li\u003e\n\u003cli\u003eAttacker launches the SocuSoft iPod Photo Slideshow application.\u003c/li\u003e\n\u003cli\u003eAttacker navigates to the registration dialog within the application.\u003c/li\u003e\n\u003cli\u003eAttacker enters a malicious string into the \u0026ldquo;Registration Name\u0026rdquo; field exceeding the expected buffer size.\u003c/li\u003e\n\u003cli\u003eAttacker enters a malicious string into the \u0026ldquo;Registration Key\u0026rdquo; field exceeding the expected buffer size.\u003c/li\u003e\n\u003cli\u003eThe application attempts to process the overly long input strings, causing a stack-based buffer overflow.\u003c/li\u003e\n\u003cli\u003eThe structured exception handler (SEH) is overwritten with attacker-controlled data, pointing to malicious code.\u003c/li\u003e\n\u003cli\u003eWhen an exception occurs (triggered by the overflow), control is transferred to the overwritten SEH, resulting in the execution of arbitrary code, such as a reverse shell.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a local attacker to execute arbitrary code on the targeted system. This could lead to complete system compromise, including the installation of malware, exfiltration of sensitive data, and denial of service. Since the attacker gains the privileges of the user running the application, impact is dependent on user permissions.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBlock execution of SocuSoft iPod Photo Slideshow 8.05 until a patch is available to prevent exploitation of CVE-2018-25375.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for unexpected processes spawned by \u003ccode\u003eiPodPhotoSlideshow.exe\u003c/code\u003e to detect potential exploitation attempts using the rule below.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T14:16:15Z","date_published":"2026-05-26T14:16:15Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2018-25375-buffer-overflow/","summary":"SocuSoft iPod Photo Slideshow 8.05 contains a stack-based buffer overflow vulnerability (CVE-2018-25375) in the registration dialog, allowing a local attacker to execute arbitrary code by overwriting the structured exception handler via crafted input.","title":"SocuSoft iPod Photo Slideshow 8.05 Buffer Overflow Vulnerability (CVE-2018-25375)","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2018-25375-buffer-overflow/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.4,"id":"CVE-2018-25373"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["DVD Photo Slideshow Professional 8.07"],"_cs_severities":["high"],"_cs_tags":["buffer-overflow","code-execution","windows"],"_cs_type":"advisory","_cs_vendors":["SocuSoft"],"content_html":"\u003cp\u003eSocuSoft DVD Photo Slideshow Professional 8.07 is susceptible to a stack-based buffer overflow vulnerability, identified as CVE-2018-25373. This flaw resides within the registration name field and allows a local attacker to execute arbitrary code. The vulnerability can be exploited by leveraging structured exception handling (SEH) overwrite techniques. A malicious actor can craft a specially designed text file containing junk bytes, an overwritten SEH chain, and shellcode. This crafted payload can then be pasted into the Registration Name field via Help \u0026gt; Register to trigger code execution, thereby compromising the affected system. This vulnerability poses a significant risk, as it enables unauthorized code execution on a local machine.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious text file containing a buffer overflow payload.\u003c/li\u003e\n\u003cli\u003eThe payload includes junk bytes to reach the SEH overwrite point.\u003c/li\u003e\n\u003cli\u003eThe payload contains an overwritten SEH chain pointing to attacker-controlled code.\u003c/li\u003e\n\u003cli\u003eThe payload contains shellcode designed to execute arbitrary commands.\u003c/li\u003e\n\u003cli\u003eThe attacker opens the SocuSoft DVD Photo Slideshow Professional application.\u003c/li\u003e\n\u003cli\u003eThe attacker navigates to Help \u0026gt; Register within the application.\u003c/li\u003e\n\u003cli\u003eThe attacker pastes the crafted text file contents into the Registration Name field.\u003c/li\u003e\n\u003cli\u003eThe application attempts to process the oversized input, triggering the buffer overflow and SEH overwrite, leading to the execution of the attacker\u0026rsquo;s shellcode. The attacker achieves arbitrary code execution on the system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability (CVE-2018-25373) allows a local attacker to execute arbitrary code within the context of the SocuSoft DVD Photo Slideshow Professional application. This could lead to complete system compromise, data theft, or installation of malware. Since the vulnerability is local, an attacker needs prior access to the system. The impact is high due to the potential for complete system compromise.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply any available patches or updates from SocuSoft to address CVE-2018-25373 if they exist.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for unexpected processes launched by the \u003ccode\u003eDVDPhotoSlideshow.exe\u003c/code\u003e application using the provided Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement restrictions on pasting from the clipboard into applications, where possible, to mitigate the attack vector described.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T14:15:30Z","date_published":"2026-05-26T14:15:30Z","id":"https://feed.craftedsignal.io/briefs/2026-05-dvd-photo-slideshow-overflow/","summary":"SocuSoft DVD Photo Slideshow Professional 8.07 is vulnerable to a stack-based buffer overflow (CVE-2018-25373) in the registration name field, allowing local attackers to execute arbitrary code by exploiting structured exception handling.","title":"SocuSoft DVD Photo Slideshow Professional Stack-Based Buffer Overflow (CVE-2018-25373)","url":"https://feed.craftedsignal.io/briefs/2026-05-dvd-photo-slideshow-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — Socusoft","version":"https://jsonfeed.org/version/1.1"}