Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities by socusoft
CVE-2018-25377 (GCVE-0-2018-25377)
Vulnerability from cvelistv5 – Published: 2026-05-25 14:15 – Updated: 2026-05-26 13:06
VLAI
Title
Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH
Summary
Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload and paste it into the Name and Code fields of the Help > Register dialog to trigger a reverse shell with system privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45355 | exploit |
| http://flash.dvd-photo-slideshow.com/ | product |
| https://www.vulncheck.com/advisories/flash-slides… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SocuSoft | Flash Slideshow Maker Professional |
Affected:
5.20
|
Date Public
2018-09-08 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25377",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T13:05:43.288646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T13:06:35.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Flash Slideshow Maker Professional",
"vendor": "SocuSoft",
"versions": [
{
"status": "affected",
"version": "5.20"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Shubham Singh"
}
],
"datePublic": "2018-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload and paste it into the Name and Code fields of the Help \u003e Register dialog to trigger a reverse shell with system privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T14:15:20.756Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45355",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45355"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://flash.dvd-photo-slideshow.com/"
},
{
"name": "VulnCheck Advisory: Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/flash-slideshow-maker-professional-buffer-overflow-seh"
}
],
"title": "Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25377",
"datePublished": "2026-05-25T14:15:20.756Z",
"dateReserved": "2026-05-25T13:55:13.591Z",
"dateUpdated": "2026-05-26T13:06:35.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-25376 (GCVE-0-2018-25376)
Vulnerability from cvelistv5 – Published: 2026-05-25 14:15 – Updated: 2026-05-26 15:01
VLAI
Title
Socusoft 3GP Photo Slideshow 8.05 Buffer Overflow SEH
Summary
Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft malicious input in the Registration Name and Registration Key fields to overwrite the SEH chain and execute shellcode for reverse shell access.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45352 | exploit |
| http://www.dvd-photo-slideshow.com/3gp-photo-slid… | product |
| https://www.vulncheck.com/advisories/socusoft-3gp… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SocuSoft | 3GP Photo Slideshow |
Affected:
8.05
|
Date Public
2018-09-08 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25376",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T15:01:05.959650Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T15:01:15.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "3GP Photo Slideshow",
"vendor": "SocuSoft",
"versions": [
{
"status": "affected",
"version": "8.05"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Shubham Singh"
}
],
"datePublic": "2018-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft malicious input in the Registration Name and Registration Key fields to overwrite the SEH chain and execute shellcode for reverse shell access."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T14:15:19.972Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45352",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45352"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://www.dvd-photo-slideshow.com/3gp-photo-slideshow.html"
},
{
"name": "VulnCheck Advisory: Socusoft 3GP Photo Slideshow 8.05 Buffer Overflow SEH",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/socusoft-3gp-photo-slideshow-buffer-overflow-seh"
}
],
"title": "Socusoft 3GP Photo Slideshow 8.05 Buffer Overflow SEH",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25376",
"datePublished": "2026-05-25T14:15:19.972Z",
"dateReserved": "2026-05-25T13:51:42.200Z",
"dateUpdated": "2026-05-26T15:01:15.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-25375 (GCVE-0-2018-25375)
Vulnerability from cvelistv5 – Published: 2026-05-25 14:15 – Updated: 2026-05-26 12:48
VLAI
Title
SocuSoft iPod Photo Slideshow 8.05 Buffer Overflow SEH
Summary
SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft malicious input in the Registration Name and Registration Key fields to trigger a stack-based buffer overflow and execute a reverse shell payload.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45350 | exploit |
| http://www.dvd-photo-slideshow.com/ipod-photo-sli… | product |
| https://www.vulncheck.com/advisories/socusoft-ipo… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SocuSoft | iPod Photo Slideshow |
Affected:
8.05
|
Date Public
2018-09-08 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25375",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T12:48:03.190226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T12:48:20.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iPod Photo Slideshow",
"vendor": "SocuSoft",
"versions": [
{
"status": "affected",
"version": "8.05"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Shubham Singh"
}
],
"datePublic": "2018-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft malicious input in the Registration Name and Registration Key fields to trigger a stack-based buffer overflow and execute a reverse shell payload."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T14:15:19.284Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45350",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45350"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://www.dvd-photo-slideshow.com/ipod-photo-slideshow.html"
},
{
"name": "VulnCheck Advisory: SocuSoft iPod Photo Slideshow 8.05 Buffer Overflow SEH",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/socusoft-ipod-photo-slideshow-buffer-overflow-seh"
}
],
"title": "SocuSoft iPod Photo Slideshow 8.05 Buffer Overflow SEH",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25375",
"datePublished": "2026-05-25T14:15:19.284Z",
"dateReserved": "2026-05-25T13:51:14.423Z",
"dateUpdated": "2026-05-26T12:48:20.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-25373 (GCVE-0-2018-25373)
Vulnerability from cvelistv5 – Published: 2026-05-25 14:15 – Updated: 2026-05-27 16:09
VLAI
Title
DVD Photo Slideshow Professional 8.07 Buffer Overflow SEH
Summary
SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious text file with carefully constructed payload containing junk bytes, SEH chain overwrite, and shellcode, then paste the contents into the Registration Name field via Help > Register to trigger code execution.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45346 | exploit |
| http://www.dvd-photo-slideshow.com/ | product |
| https://www.vulncheck.com/advisories/dvd-photo-sl… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SocuSoft | DVD Photo Slideshow Professional |
Affected:
8.07
|
Date Public
2018-09-06 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25373",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T16:03:00.434784Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T16:09:27.196Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DVD Photo Slideshow Professional",
"vendor": "SocuSoft",
"versions": [
{
"status": "affected",
"version": "8.07"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "T3jv1l"
}
],
"datePublic": "2018-09-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious text file with carefully constructed payload containing junk bytes, SEH chain overwrite, and shellcode, then paste the contents into the Registration Name field via Help \u003e Register to trigger code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T14:15:17.927Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45346",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45346"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://www.dvd-photo-slideshow.com/"
},
{
"name": "VulnCheck Advisory: DVD Photo Slideshow Professional 8.07 Buffer Overflow SEH",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dvd-photo-slideshow-professional-buffer-overflow-seh"
}
],
"title": "DVD Photo Slideshow Professional 8.07 Buffer Overflow SEH",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25373",
"datePublished": "2026-05-25T14:15:17.927Z",
"dateReserved": "2026-05-25T13:49:00.908Z",
"dateUpdated": "2026-05-27T16:09:27.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25689 (GCVE-0-2019-25689)
Vulnerability from cvelistv5 – Published: 2026-04-12 12:28 – Updated: 2026-04-15 15:21
VLAI
Title
HTML5 Video Player 1.2.5 Local Buffer Overflow Non-SEH
Summary
HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigger code execution and spawn a calculator process.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46279 | exploit |
| http://www.html5videoplayer.net/download.html | product |
| https://www.vulncheck.com/advisories/html5-video-… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Html5Videoplayer | HTML5 Video Player |
Affected:
1.2.5
|
Date Public
2019-01-29 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25689",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T15:21:04.406355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T15:21:21.456Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HTML5 Video Player",
"vendor": "Html5Videoplayer",
"versions": [
{
"status": "affected",
"version": "1.2.5"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bplugins:html5_video_player:1.2.5:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dino Covotsos - Telspace Systems"
}
],
"datePublic": "2019-01-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigger code execution and spawn a calculator process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-12T12:28:45.236Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46279",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46279"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://www.html5videoplayer.net/download.html"
},
{
"name": "VulnCheck Advisory: HTML5 Video Player 1.2.5 Local Buffer Overflow Non-SEH",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/html5-video-player-local-buffer-overflow-non-seh"
}
],
"title": "HTML5 Video Player 1.2.5 Local Buffer Overflow Non-SEH",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25689",
"datePublished": "2026-04-12T12:28:45.236Z",
"dateReserved": "2026-04-05T15:31:44.950Z",
"dateUpdated": "2026-04-15T15:21:21.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-37028 (GCVE-0-2020-37028)
Vulnerability from cvelistv5 – Published: 2026-01-30 22:07 – Updated: 2026-03-05 01:27
VLAI
Title
Socusoft Photo to Video Converter Professional 8.07 - 'Output Folder' Buffer Overflow
Summary
Socusoft Photo to Video Converter Professional 8.07 contains a local buffer overflow vulnerability in the 'Output Folder' input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the output folder field to trigger a stack-based buffer overflow and potentially execute shellcode.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/48691 | exploit |
| https://web.archive.org/web/20190314225058/http:/… | product |
| https://www.vulncheck.com/advisories/socusoft-pho… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SOCUSOFT | Photo to Video Converter Professional |
Affected:
8.07
|
Date Public
2020-07-23 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37028",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T20:38:15.179878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T20:38:30.434Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Photo to Video Converter Professional",
"vendor": "SOCUSOFT",
"versions": [
{
"status": "affected",
"version": "8.07"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:socusoft:photo_2_video_converter:8.07:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "MasterVlad"
}
],
"datePublic": "2020-07-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Socusoft Photo to Video Converter Professional 8.07 contains a local buffer overflow vulnerability in the \u0027Output Folder\u0027 input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the output folder field to trigger a stack-based buffer overflow and potentially execute shellcode."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:27:32.388Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48691",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48691"
},
{
"name": "Archived Vendor Homepage",
"tags": [
"product"
],
"url": "https://web.archive.org/web/20190314225058/http://www.dvd-photo-slideshow.com/photo-to-video-converter.html"
},
{
"name": "VulnCheck Advisory: Socusoft Photo to Video Converter Professional 8.07 - \u0027Output Folder\u0027 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/socusoft-photo-to-video-converter-professional-output-folder-buffer-overflow"
}
],
"title": "Socusoft Photo to Video Converter Professional 8.07 - \u0027Output Folder\u0027 Buffer Overflow",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37028",
"datePublished": "2026-01-30T22:07:10.728Z",
"dateReserved": "2026-01-28T18:18:30.523Z",
"dateUpdated": "2026-03-05T01:27:32.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-1010163 (GCVE-0-2019-1010163)
Vulnerability from cvelistv5 – Published: 2019-07-24 11:42 – Updated: 2024-08-05 03:07
VLAI
Summary
Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service. The impact is: Local privilege escalation (dependant upon conditions), shell code execution and denial-of-service. The component is: pdmlog.dll library. The attack vector is: The attacker must have access to local system (either directly, or remotley).
Severity
No CVSS data available.
CWE
- Buffer Overflow - Local shell-code execution and Denial of Service
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://packetstormsecurity.com/files/145181/Socu… | x_refsource_MISC |
| https://ret2eax.github.io/posts/socusoft-bof.html | x_refsource_MISC |
| https://www.exploit-db.com/exploits/43208/ | exploitx_refsource_EXPLOIT-DB |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Socusoft Co | Photo 2 Video Converter |
Affected:
8.0.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:07:18.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/145181/SocuSoft-Co.-Photo-2-Video-Converter-8.0.0-Code-Execution-DoS.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ret2eax.github.io/posts/socusoft-bof.html"
},
{
"name": "Exploit Database",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43208/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Photo 2 Video Converter",
"vendor": "Socusoft Co",
"versions": [
{
"status": "affected",
"version": "8.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service. The impact is: Local privilege escalation (dependant upon conditions), shell code execution and denial-of-service. The component is: pdmlog.dll library. The attack vector is: The attacker must have access to local system (either directly, or remotley)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow - Local shell-code execution and Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-24T11:42:32.000Z",
"orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"shortName": "dwf"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/145181/SocuSoft-Co.-Photo-2-Video-Converter-8.0.0-Code-Execution-DoS.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ret2eax.github.io/posts/socusoft-bof.html"
},
{
"name": "Exploit Database",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43208/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Photo 2 Video Converter",
"version": {
"version_data": [
{
"version_value": "8.0.0"
}
]
}
}
]
},
"vendor_name": "Socusoft Co"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service. The impact is: Local privilege escalation (dependant upon conditions), shell code execution and denial-of-service. The component is: pdmlog.dll library. The attack vector is: The attacker must have access to local system (either directly, or remotley)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow - Local shell-code execution and Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/145181/SocuSoft-Co.-Photo-2-Video-Converter-8.0.0-Code-Execution-DoS.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/145181/SocuSoft-Co.-Photo-2-Video-Converter-8.0.0-Code-Execution-DoS.html"
},
{
"name": "https://ret2eax.github.io/posts/socusoft-bof.html",
"refsource": "MISC",
"url": "https://ret2eax.github.io/posts/socusoft-bof.html"
},
{
"name": "Exploit Database",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43208/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"assignerShortName": "dwf",
"cveId": "CVE-2019-1010163",
"datePublished": "2019-07-24T11:42:32.000Z",
"dateReserved": "2019-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:07:18.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12439 (GCVE-0-2017-12439)
Vulnerability from cvelistv5 – Published: 2017-08-05 15:00 – Updated: 2024-08-05 18:36
VLAI
Summary
SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xml_path HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML configuration file. This has resultant content forgery, cross site scripting, and unvalidated redirection issues.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://packetstormsecurity.com/files/143542/Flas… | x_refsource_MISC |
Date Public
2017-08-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:36:56.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/143542/Flash-Slideshow-Maker-Professional-XSS-Content-Forgery-Redirect.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xml_path HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML configuration file. This has resultant content forgery, cross site scripting, and unvalidated redirection issues."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-05T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/143542/Flash-Slideshow-Maker-Professional-XSS-Content-Forgery-Redirect.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xml_path HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML configuration file. This has resultant content forgery, cross site scripting, and unvalidated redirection issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/143542/Flash-Slideshow-Maker-Professional-XSS-Content-Forgery-Redirect.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/143542/Flash-Slideshow-Maker-Professional-XSS-Content-Forgery-Redirect.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12439",
"datePublished": "2017-08-05T15:00:00.000Z",
"dateReserved": "2017-08-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:36:56.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}