Unrated severity · NVD Advisory · Published May 25, 2026

SocuSoft iPod Photo Slideshow 8.05 Buffer Overflow SEH

CVE-2018-25375

Description

SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft malicious input in the Registration Name and Registration Key fields to trigger a stack-based buffer overflow and execute a reverse shell payload.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SocuSoft iPod Photo Slideshow 8.05 contains a stack-based buffer overflow in its registration dialog, allowing local attackers to execute arbitrary code via crafted input.

Vulnerability

SocuSoft iPod Photo Slideshow version 8.05 (and possibly earlier) contains a stack-based buffer overflow vulnerability in the registration dialog [1][2]. The flaw resides in the handling of the "Registration Name" and "Registration Key" fields, where insufficient bounds checking allows an attacker to overwrite the structured exception handler (SEH) on the stack [1]. The software is designed for Windows and was tested on Windows XP SP3 [1].

Exploitation

Exploitation requires local access to the system and the ability to run the application [1][2]. The attacker crafts a malicious payload (e.g., using a Python exploit script) that fills the buffer with a specific pattern to overwrite the SEH chain [1]. The payload includes a short jump (nseh) and a pointer to a pop edi; pop esi; ret gadget from DVDPhotoData.dll (which lacks ASLR, Rebase, SafeSEH) [1]. After generating the exploit file, the attacker copies the content into both the "Registration Name" and "Registration Key" fields, then clicks "Apply" and "Ok" [1]. This triggers the overflow and executes the attacker's shellcode, which in the proof-of-concept is a reverse shell to a specified IP and port [1].

Impact

Successful exploitation allows a local attacker to execute arbitrary code with the privileges of the user running the application [1][2]. The provided exploit demonstrates a reverse shell, giving the attacker interactive command execution on the victim machine [1]. The impact includes full compromise of confidentiality, integrity, and availability of the affected system [2].

Mitigation

As of the available references, no official patch has been released by SocuSoft [1]. The vendor reportedly did not respond to the disclosure [1]. Users should consider upgrading to a newer version if available, or discontinuing use of the software. Since the vulnerability requires local access, limiting user privileges and applying the principle of least privilege can reduce risk. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
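The SEH overwrite described above relies on a module built without ASLR or SafeSEH, so auditing installed binaries for those opt-ins is a practical check. The following is an added example, not code from the advisory or its references: it reads the PE headers for the ASLR and DEP flags and, for 32-bit images, the SafeSEH handler table. The function names and the constructed sample image are assumptions introduced here.

```python
import struct
DYNAMIC_BASE, NX_COMPAT, NO_SEH = 0x0040, 0x0100, 0x0400  # DllCharacteristics bits

def u(fmt, data, off):
    return struct.unpack_from("<" + fmt, data, off)

def has_seh_table(data, pe, opt):
    """True if the PE32 load config directory registers SEH handlers (SafeSEH)."""
    # Data directory 10 (load config) exists only if NumberOfRvaAndSizes > 10.
    rva = u("I", data, opt + 176)[0] if u("I", data, opt + 92)[0] > 10 else 0
    nsec, sec = u("H", data, pe + 6)[0], opt + u("H", data, pe + 20)[0]
    for i in range(nsec if rva else 0):             # map the RVA to a file offset
        vsize, va, rsize, raw = u("IIII", data, sec + 40 * i + 8)
        if va <= rva < va + max(vsize, rsize):
            if u("I", data, raw + rva - va)[0] < 72:    # Size: predates SafeSEH
                return False
            table, count = u("II", data, raw + rva - va + 64)  # SEHandlerTable/Count
            return table != 0 and count != 0
    return False

def audit_pe(data: bytes) -> dict:
    """Report ASLR, DEP and SafeSEH opt-in for a PE image given as bytes."""
    try:
        pe = u("I", data, 0x3C)[0]                      # e_lfanew
        opt = pe + 24                                   # optional header
        magic, chars = u("H", data, opt)[0], u("H", data, opt + 70)[0]
        if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0" or magic not in (0x10B, 0x20B):
            raise ValueError("not a PE image")
        out = {"aslr": bool(chars & DYNAMIC_BASE), "dep": bool(chars & NX_COMPAT),
               "safeseh": None}                         # None: not applicable (PE32+)
        if magic == 0x10B:                              # SafeSEH exists only for x86
            out["safeseh"] = bool(chars & NO_SEH) or has_seh_table(data, pe, opt)
    except struct.error as exc:
        raise ValueError("truncated PE image") from exc
    return out

def sample_pe32(chars, handlers):
    """Constructed demo input: minimal PE32 headers, one section, load config."""
    b = bytearray(0x400)
    b[0:2], b[0x80:0x84] = b"MZ", b"PE\0\0"
    fields = [("I", 0x3C, 0x80), ("HH", 0x84, 0x14C, 1),    # e_lfanew; i386, 1 section
              ("H", 0x94, 224), ("H", 0x98, 0x10B),         # opt header size, PE32 magic
              ("H", 0x98 + 70, chars), ("I", 0x98 + 92, 16),  # flags, directory count
              ("II", 0x98 + 176, 0x1000, 0x40),             # load config directory
              ("IIII", 0x180, 0x200, 0x1000, 0x200, 0x200), # section: RVA 0x1000 -> 0x200
              ("I", 0x200, 72), ("II", 0x240, 0x10002000, handlers)]  # load config
    for fmt, off, *vals in fields:
        struct.pack_into("<" + fmt, b, off, *vals)
    return bytes(b)
```

Calling `audit_pe(open(path, "rb").read())` on each DLL in an install directory flags modules where `aslr` or `safeseh` is `False`; `sample_pe32(0, 0)` reproduces that unprotected profile on constructed data.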

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0. No patches discovered yet.

Vulnerability mechanics

Root cause

"Missing bounds checking on the Registration Name and Registration Key input fields allows a stack-based buffer overflow that overwrites the structured exception handler."

Attack vector

An attacker must have local access to the Windows machine and run the SocuSoft iPod Photo Slideshow application. The attacker crafts a malicious payload file (e.g., `exploit.txt`) containing a long string of padding, an SEH overwrite address (`0x1004793e` from `DVDPhotoData.dll`), and shellcode [1]. The attacker then opens the application, navigates to Help > Register, pastes the payload into the "Registration Name" and "Registration Key" fields, and clicks Apply then OK [1]. This triggers a stack-based buffer overflow that overwrites the SEH chain, leading to arbitrary code execution [1].

Affected code

The vulnerability resides in the registration dialog of SocuSoft iPod Photo Slideshow 8.05. The binary `DVDPhotoData.dll` (version 8.0.5.0) contains the vulnerable code path that processes the "Registration Name" and "Registration Key" fields without bounds checking [1]. The exploit targets a structured exception handler (SEH) overwrite at offset 548 bytes into the input buffer [1].

What the fix does

No patch has been published by the vendor; the exploit author reported the issue but received no reply [1]. The advisory does not provide any remediation guidance. Users are advised to discontinue use of the affected software or apply input-length validation on the registration fields as a workaround.

Preconditions

  • Network: Attacker must have local access to the Windows system running the application
  • Input: The application must be started and the user must navigate to Help > Register
  • Auth: No authentication or special privileges required beyond local desktop access

Reproduction

1. Run the provided Python exploit script to generate `exploit.txt` containing the malicious payload [1].
2. Copy the entire contents of `exploit.txt`.
3. Start the SocuSoft iPod Photo Slideshow application.
4. Click "Help" > "Register ...".
5. Paste the payload into the "Registration Name" and "Registration Key" fields.
6. Click "Apply" then "Ok".

A reverse shell will connect back to the attacker's machine [1].

Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 3
