SocuSoft DVD Photo Slideshow Professional Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A stack-based buffer overflow vulnerability has been identified in SocuSoft DVD Photo Slideshow Professional version 8.07. The issue resides in the registration name field, where a local attacker can abuse structured exception handling (SEH) to execute arbitrary code. The attacker crafts a malicious text file whose payload consists of junk bytes, an overwrite of the SEH chain, and shellcode, then pastes its contents into the Registration Name field via the Help > Register menu, which triggers execution of the injected code.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Reproduction

To reproduce this vulnerability, create a text file containing a payload with junk bytes, an overwrite of the structured exception handling (SEH) chain, and shellcode. Then, paste this crafted payload into the Registration Name field through the Help > Register option. The application will execute the injected code, demonstrating the buffer overflow vulnerability.
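The defect class described above, shown as an added example that is not SocuSoft's code: a registration-name handler that copies into a fixed stack buffer without a length check, beside a hardened form that rejects oversized input. The function names and the `REG_NAME_MAX` value are assumptions; the real buffer size is not given on this page.

```c
#include <stddef.h>
#include <string.h>

#define REG_NAME_MAX 64  /* assumed field limit, not taken from the product */

/* Vulnerable pattern (hypothetical): caller-controlled text is copied into a
 * fixed stack buffer with no bound, so a long paste writes past `name` into
 * adjacent stack data such as the SEH record. */
int register_name_unsafe(const char *input)
{
    char name[REG_NAME_MAX];
    strcpy(name, input);   /* overflows when strlen(input) >= REG_NAME_MAX */
    return name[0] != '\0';
}

/* Hardened form (hypothetical): check the length first, reject oversized or
 * control-character input, then copy. Returns 0 on success, -1 on reject. */
int register_name_safe(const char *input, size_t input_len,
                       char *out, size_t out_size)
{
    size_t i;

    if (input == NULL || out == NULL || out_size == 0)
        return -1;
    if (input_len == 0 || input_len >= out_size || input_len >= REG_NAME_MAX)
        return -1;         /* reject instead of silently truncating */
    for (i = 0; i < input_len; i++) {
        unsigned char c = (unsigned char)input[i];
        if (c < 0x20 || c == 0x7f)  /* control bytes, including embedded NUL */
            return -1;
    }
    memcpy(out, input, input_len);
    out[input_len] = '\0';
    return 0;
}
```

Rejecting the input outright, rather than truncating it, keeps an overlong paste from reaching any later copy of the name.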

Added: May 26, 2026, 7:32 PM
Updated: May 26, 2026, 7:32 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 4.0
remediation: 0.0
relevance: 9.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.