CVE-2020-37162
9.8 CRITICAL
Published 2026-02-07 · Modified 2026-02-09 · Awaiting Analysis
Quick Summary
A critical flaw in Wedding Slideshow Studio 1.36 allows attackers to take over a computer by entering a specially crafted, overly long registration key. This matters because it lets an attacker run any code they want on the victim's system.
Who is affected
Users of Wedding Slideshow Studio 1.36 are affected. An attacker on the same network could exploit this to install malware, steal data, or gain full control of the system.
Recommended fix
Update to a patched version of the software if available from the vendor. As a workaround, block the application's network access and avoid entering untrusted registration keys.
Technical Description
Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload of 1608 bytes to trigger a stack-based buffer overflow and execute commands through the registration key field.
CVSS Details
Attack Vector: NETWORK
Complexity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-122