Flash Slideshow Maker Professional Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A buffer overflow vulnerability has been identified in the registration dialog of Flash Slideshow Maker Professional version 5.20. It allows local attackers to execute arbitrary code by abusing structured exception handling (SEH). By crafting a malicious payload and pasting it into the Name and Code fields of the Help > Register dialog, attackers can trigger a reverse shell with system privileges.

Impact

Exploitation of this vulnerability leads to arbitrary code execution with system privileges.

Reproduction

To reproduce this vulnerability, first run the Python exploit script available on Exploit Database. This script creates a payload and saves it to a file named 'exploit.txt'. After running the script, open Flash Slideshow Maker Professional 5.20 and navigate to 'Help' > 'Register'. Paste the contents of 'exploit.txt' into the Name and Code fields, then click 'OK'. This action will trigger the reverse shell payload, resulting in a shell on the attacker's machine.

Added: May 26, 2026, 7:29 PM
Updated: May 26, 2026, 7:29 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 4.0
remediation: 0.0
relevance: 9.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.