VYPR
Unrated severity · NVD Advisory · Published May 25, 2026

Socusoft 3GP Photo Slideshow 8.05 Buffer Overflow SEH

CVE-2018-25376

Description

Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft malicious input in the Registration Name and Registration Key fields to overwrite the SEH chain and execute shellcode for reverse shell access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow in the registration dialog, enabling local attackers to execute arbitrary code via SEH overwrite.

Vulnerability

Socusoft 3GP Photo Slideshow version 8.05 (and possibly earlier) contains a classic buffer overflow vulnerability (CWE-120) in the registration dialog. The application fails to validate the length of input supplied to the Registration Name and Registration Key fields, allowing an attacker to overwrite the structured exception handler (SEH) chain. The vulnerability is present in the DVDPhotoData.dll module, which lacks ASLR, SafeSEH, and rebase protections [1][2].

Exploitation

An attacker with local access to the system can exploit this vulnerability without authentication. The attacker crafts a malicious payload containing shellcode, a SEH overwrite, and a NOP sled. The payload is placed into the Registration Name and Registration Key fields via copy-paste. When the user clicks "Apply" and then "Ok", the overflow triggers a SEH exception. The SEH handler is overwritten with a pointer to a pop ebx; pop ecx; ret gadget at address 0x10030b2d in DVDPhotoData.dll, which redirects execution to the attacker's shellcode. The shellcode (e.g., a reverse shell) executes with the privileges of the current user [1].

Impact

Successful exploitation allows an attacker to execute arbitrary code on the target system. The attacker gains a reverse shell, enabling full control over the affected machine with the privileges of the logged-in user. This can lead to data theft, installation of malware, or further lateral movement within the network [1][2].

Mitigation

As of the publication date, no official patch or updated version has been released by Socusoft to address this vulnerability. The software may be end-of-life. Users are advised to discontinue use of Socusoft 3GP Photo Slideshow or restrict local access to trusted users only. No workaround is available. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog [1][2].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Missing bounds checking on the Registration Name and Registration Key fields allows a stack-based buffer overflow that overwrites the Structured Exception Handling (SEH) chain."

Attack vector

A local attacker crafts a malicious payload (e.g. via `exploit.txt`) containing 512 bytes of padding, a short jump overwriting the next Structured Exception Handler (nSEH), and a return address overwriting the SEH pointer to a `pop ebx; pop ecx; ret` gadget at address `0x10030b2d` in `DVDPhotoData.dll`. The attacker then launches the application, navigates to Help > Register, pastes the payload into the Registration Name and Registration Key fields, and clicks Apply then Ok. This overwrites the SEH chain, causing the handler to redirect execution to attacker-controlled shellcode that spawns a reverse shell [ref_id=1].

Affected code

The vulnerability resides in the registration dialog of Socusoft 3GP Photo Slideshow 8.05. The binary `DVDPhotoData.dll` (v8.0.5.0) contains a buffer overflow when processing the Registration Name and Registration Key fields. The DLL has ASLR disabled, Rebase disabled, SafeSEH disabled, and is not compiled for Windows 8+ [ref_id=1].
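The missing protections listed above are declared in the module's PE header, so a defender can inventory them across installed software before an advisory ever names a DLL. The following is an added example, not code from the advisory or its references: the function names are hypothetical, the header built by `build_header` is constructed sample input rather than the real `DVDPhotoData.dll`, and only 32-bit PE32 images are handled.

```python
import struct

# DllCharacteristics bits defined by the PE/COFF specification.
DYNAMIC_BASE = 0x0040  # image opts in to ASLR
NX_COMPAT = 0x0100     # image opts in to DEP
NO_SEH = 0x0400        # image declares that it uses no SEH handlers
LOAD_CONFIG = 10       # data-directory slot; the SafeSEH table lives in this structure

def audit_pe32(image: bytes) -> dict:
    """Read the mitigation opt-ins declared in a 32-bit PE header."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 24  # skip 4-byte signature and 20-byte COFF header
    if struct.unpack_from("<H", image, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled")
    (flags,) = struct.unpack_from("<H", image, opt + 70)
    (n_dirs,) = struct.unpack_from("<I", image, opt + 92)
    rva = size = 0
    if n_dirs > LOAD_CONFIG:
        rva, size = struct.unpack_from("<II", image, opt + 96 + 8 * LOAD_CONFIG)
    return {"aslr": bool(flags & DYNAMIC_BASE), "dep": bool(flags & NX_COMPAT),
            "no_seh": bool(flags & NO_SEH), "load_config": bool(rva and size)}

def missing_mitigations(image: bytes) -> list:
    """List protections the header shows to be absent."""
    r = audit_pe32(image)
    missing = [name for name in ("aslr", "dep") if not r[name]]
    # No load-config directory means no SafeSEH table; if one exists, its
    # SEHandlerTable field still has to be inspected (not done here).
    if not r["no_seh"] and not r["load_config"]:
        missing.append("safeseh")
    return missing

def build_header(flags: int, load_config_rva: int) -> bytes:
    """Constructed sample input: a bare PE32 header, not a real module."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, flags)
    struct.pack_into("<I", opt, 92, 16)
    struct.pack_into("<II", opt, 96 + 8 * LOAD_CONFIG, load_config_rva, 0x40 if load_config_rva else 0)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for flags, rva in ((0x0000, 0), (0x0140, 0x2000)):  # legacy-style vs hardened-style
        print(hex(flags), missing_mitigations(build_header(flags, rva)))
```

To audit a real module, pass the file's bytes to `missing_mitigations`; a result containing `safeseh` together with `aslr` matches the profile this advisory describes.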

What the fix does

No vendor patch is provided in the bundle. The advisory does not indicate that Socusoft ever released a fix for this vulnerability. The only material documented is the exploit proof-of-concept itself, which demonstrates the overflow but does not offer a patched binary or workaround [ref_id=1].

Preconditions

  • auth: Attacker must have local access to the Windows system to run the application and paste payload into registration fields.
  • config: The target must be running Socusoft 3GP Photo Slideshow version 8.05 on a Windows environment (tested on Windows XP SP3 x86).
  • input: The payload must be delivered via the Registration Name and Registration Key fields in the Help > Register dialog.

Reproduction

1. Run the Python exploit script to generate `exploit.txt` containing the crafted payload.
2. Copy the entire contents of `exploit.txt`.
3. Start Socusoft 3GP Photo Slideshow 8.05.
4. Click Help > Register.
5. Paste the payload into the Registration Name field and again into the Registration Key field.
6. Click Apply, then Ok. A reverse shell will connect back to the attacker's listener [ref_id=1].

Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3
