CVE-2020-37161

EUVD-2020-31113
Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can craft a specially designed payload to trigger remote code execution, demonstrating the ability to run system commands like launching the calculator.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
wedding-slideshow-studiowedding_slideshow_studio
𝑥
≤ 1.36
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.wedding-slideshow-studio.com/
https://www.exploit-db.com/exploits/48050
https://www.vulncheck.com/advisories/wedding-slideshow-studio-name-buffer-overflow