CVE-2020-37161
Unknown Unknown - Not Provided
Buffer Overflow in Wedding Slideshow Studio 1.36 Enables Remote Code Execution

Publication date: 2026-02-07

Last updated on: 2026-02-24

Assigner: VulnCheck

Description
Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can craft a specially designed payload to trigger remote code execution, demonstrating the ability to run system commands like launching the calculator.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-07
Last Modified
2026-02-24
Generated
2026-06-16
AI Q&A
2026-02-07
EPSS Evaluated
2026-06-15
NVD
CVE-2020-37161
EUVD
EUVD-2020-31113
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wedding-slideshow-studio wedding_slideshow_studio to 1.36 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2020-37161 is a critical stack-based buffer overflow vulnerability in Wedding Slideshow Studio version 1.36 and earlier. The flaw exists in the handling of the registration name field, where an attacker can supply a specially crafted payload that overflows the buffer.

This overflow enables arbitrary code execution, allowing attackers to run system commands on the affected system. For example, an attacker can launch applications like the calculator by exploiting this vulnerability.

Impact Analysis

This vulnerability allows an attacker to execute arbitrary code on the affected system by exploiting a buffer overflow in the registration name field.

  • Attackers can run system commands remotely or locally, potentially gaining control over the system.
  • It can lead to a complete compromise of confidentiality, integrity, and availability of the system.
  • Malicious actors could use this to install malware, steal data, or disrupt system operations.
Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the buffer overflow condition in the Wedding Slideshow Studio 1.36 application, specifically by inputting a specially crafted payload into the Registration Name field.'}, {'type': 'paragraph', 'content': "One practical detection method is to use the provided exploit technique: create a payload similar to the one described in the exploit (e.g., a 256-byte buffer of 'A's followed by SEH overwrite sequences) and input it into the Registration Name field via the program's registration menu."}, {'type': 'paragraph', 'content': 'There are no specific network commands for detection since the attack vector is local (AV:L), but on the system, you can monitor for abnormal behavior or crashes when the Registration Name field is manipulated.'}, {'type': 'paragraph', 'content': 'No direct command-line tools or commands are provided in the resources to detect this vulnerability automatically.'}] [2, 3]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of the vulnerable Wedding Slideshow Studio version 1.36 or earlier, especially refraining from entering untrusted or suspicious input into the Registration Name field.

Since the vulnerability requires local user interaction, restricting access to the affected application and limiting user privileges can reduce the risk of exploitation.

Applying any available patches or updates from the software vendor would be the best long-term mitigation, although no patch information is provided in the resources.

Monitoring for unusual application crashes or behavior related to the registration process can help identify exploitation attempts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37161. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart