VYPR
Unrated severity · NVD Advisory · Published May 25, 2026

Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH

CVE-2018-25377

Description

Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload and paste it into the Name and Code fields of the Help > Register dialog to trigger a reverse shell with system privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Flash Slideshow Maker Professional 5.20 suffers a buffer overflow via the Help > Register dialog, allowing local attackers to execute arbitrary code with system privileges.

Vulnerability

Flash Slideshow Maker Professional version 5.20 contains a classic buffer overflow vulnerability (CWE-120) in its registration dialog. The software fails to validate the length of input copied into the Name and Code fields of the Help > Register dialog, allowing an attacker to overwrite the stack and control structured exception handling (SEH) metadata. Affected versions include all releases up to and including 5.20 [1][2].

Exploitation

An attacker with local access to the system must run the application, navigate to Help > Register, and paste a crafted payload into both the Name and Code fields, then click Ok. The payload exploits a SEH overwrite to redirect execution flow. A public exploit uses a ROP chain that includes a `pop eax # pop esi # ret` gadget from `cximage.dll` (version 5.9.9.c, with ASLR, Rebase, SafeSEH, and OS protections all disabled) [1]. The proof-of-concept generates a file `exploit.txt` whose content is pasted into the dialog; triggering the vulnerability then executes a reverse shell [1][2].

Impact

Successful exploitation gives the attacker a reverse shell with system privileges, granting full control over the affected Windows system. The impact is a complete compromise of confidentiality, integrity, and availability [1][2].

Mitigation

No official patch or vendor mitigation has been released for this vulnerability. The software vendor link (http://flash.dvd-photo-slideshow.com/) appears to be defunct or no longer maintained. Users are advised to discontinue use of Flash Slideshow Maker Professional and replace it with a supported alternative. This CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1][2].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Missing input length validation in the registration dialog's Name and Code fields allows a stack-based buffer overflow that overwrites the SEH chain."

Attack vector

A local attacker first generates a malicious payload using the provided Python exploit script, which writes the payload to "exploit.txt" [ref_id=1]. The attacker then launches the application, navigates to Help > Register, and pastes the entire payload into the "Name" and "Code" fields before clicking "Ok" [ref_id=1]. The oversized input overflows a stack buffer, overwriting the SEH chain with attacker-controlled addresses. When the exception handler is triggered, execution redirects to a `pop eax; pop esi; ret` gadget in `cximage.dll`, which leads to shellcode that spawns a reverse shell with system privileges [ref_id=1].

Affected code

The vulnerability resides in the registration dialog of Flash Slideshow Maker Professional 5.20. The "Name" and "Code" fields in the Help > Register dialog do not enforce length limits, allowing a buffer overflow when a crafted payload is pasted into them [ref_id=1]. The exploit targets the `cximage.dll` module (v5.9.9.c) at address `0x1011063f` to hijack Structured Exception Handling (SEH) [ref_id=1].
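The SEH hijack described here depends on a handler address inside a module loaded without ASLR or SafeSEH. The following is an added example (not part of the advisory or the exploit-db entry) that reads those mitigation opt-ins from a 32-bit PE header, so that such modules can be identified in an installation directory. The names `audit_pe32` and `build_sample` are hypothetical, and the sample header is constructed for the demonstration rather than taken from `cximage.dll`.

```python
import struct

# Flags from IMAGE_OPTIONAL_HEADER.DllCharacteristics (PE/COFF specification).
DYNAMIC_BASE = 0x0040   # /DYNAMICBASE: image opts in to ASLR
NX_COMPAT = 0x0100      # /NXCOMPAT: image opts in to DEP
NO_SEH = 0x0400         # image contains no SEH handlers at all
LOAD_CONFIG_DIR = 10    # data-directory index of the load configuration


def audit_pe32(data: bytes) -> dict:
    """Report exploit-mitigation opt-ins for a 32-bit PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    opt = pe_off + 24                   # PE signature (4) + COFF header (20)
    if len(data) < opt + 96 or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != 0x10B:
        raise ValueError("not PE32; SafeSEH applies to 32-bit x86 images only")
    (flags,) = struct.unpack_from("<H", data, opt + 70)
    (ndirs,) = struct.unpack_from("<I", data, opt + 92)
    lc_size = 0
    entry = opt + 96 + 8 * LOAD_CONFIG_DIR
    if ndirs > LOAD_CONFIG_DIR and len(data) >= entry + 8:
        _rva, lc_size = struct.unpack_from("<II", data, entry)
    if flags & NO_SEH:
        safeseh = "no-handlers"
    elif lc_size == 0:
        safeseh = "absent"              # no load config, so no handler table
    else:
        safeseh = "inspect-load-config" # SEHandlerTable still has to be parsed
    return {"aslr": bool(flags & DYNAMIC_BASE),
            "dep": bool(flags & NX_COMPAT),
            "safeseh": safeseh}


def build_sample(flags: int, load_config_size: int = 0) -> bytes:
    """Constructed minimal PE32 header for the demo (not a real DLL)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)    # PE32 magic
    struct.pack_into("<H", opt, 70, flags)   # DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * LOAD_CONFIG_DIR, 0x1000, load_config_size)
    return dos + b"PE\0\0" + coff + bytes(opt)
```

To audit a real file, pass its bytes to `audit_pe32`; a result with `aslr` false and `safeseh` set to `absent` marks a module that offers fixed, unvalidated handler addresses.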

What the fix does

No patch or vendor advisory is included in the bundle. The exploit-db entry does not describe any official fix or updated version that addresses the vulnerability [ref_id=1]. The only remediation implied by the disclosure is to avoid using the affected software version (5.20) or to restrict local access to the machine, as the bug is triggered through the registration dialog [ref_id=1].

Preconditions

  • network: Attacker must have local access to the Windows machine running Flash Slideshow Maker Professional 5.20
  • input: The application must be launched and the Help > Register dialog must be accessible
  • auth: No authentication is required beyond local desktop access

Reproduction

1. Run the Python exploit script to generate "exploit.txt" containing the crafted payload [ref_id=1].
2. Copy the entire contents of "exploit.txt".
3. Start Flash Slideshow Maker Professional 5.20 and click Help > Register.
4. Paste the payload into the "Name" and "Code" fields, then click "Ok".
5. A reverse shell connects back to the attacker's machine (default LHOST 10.0.2.5, LPORT 1337) [ref_id=1].

Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3
