CVE-2020-37028 Overview
Socusoft Photo to Video Converter Professional 8.07 contains a local buffer overflow vulnerability in the 'Output Folder' input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the output folder field to trigger a stack-based buffer overflow and potentially execute shellcode.
Critical Impact
Local attackers can achieve arbitrary code execution by exploiting a stack-based buffer overflow in the Output Folder input field, potentially leading to complete system compromise.
Affected Products
- Socusoft Photo to Video Converter Professional version 8.07
Discovery Timeline
- 2026-01-30 - CVE-2020-37028 published to NVD
- 2026-02-04 - Last updated in NVD database
Technical Details for CVE-2020-37028
Vulnerability Analysis
This vulnerability is classified as CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'). The application fails to properly validate the length of user-supplied input in the 'Output Folder' input field before copying it to a fixed-size stack buffer. When an attacker supplies an excessively long string, the buffer boundary is exceeded, overwriting adjacent memory on the stack including the return address pointer.
The local attack vector requires user interaction—specifically, the victim must paste the malicious payload into the application's Output Folder field. Once triggered, the overflow allows the attacker to redirect program execution to attacker-controlled shellcode, enabling arbitrary code execution within the context of the application.
Root Cause
The root cause stems from improper input validation in the Output Folder handling routine. The application uses an unsafe string copy operation that does not perform bounds checking, allowing data to overflow the destination buffer. This classic programming error is indicative of legacy code that predates modern secure coding practices and lacks proper input length validation before memory operations.
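The unchecked-copy pattern described above, next to a bounds-checked form, as an added example that is not the vendor's code. The function names, the 260-byte buffer size and the sample inputs are assumptions made for illustration; the page does not show the application's own routine.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size for illustration; the page does not state the real one. */
#define OUTPUT_FOLDER_MAX 260

/* Unsafe pattern (CWE-120), shown for contrast and never called here:
 * strcpy copies up to the NUL terminator regardless of the size of dst. */
void set_output_folder_unsafe(char *dst, const char *ui_text)
{
    strcpy(dst, ui_text);
}

/* Hardened form: measure the input against the destination first and
 * reject anything that does not fit. Rejecting instead of truncating
 * avoids silently writing to a path the user did not choose.
 * Returns 0 on success, -1 if the input was refused. */
int set_output_folder_checked(char *dst, size_t dst_size, const char *ui_text)
{
    size_t len = 0;

    if (dst == NULL || dst_size == 0 || ui_text == NULL)
        return -1;

    /* Count at most dst_size bytes; never read or write beyond that. */
    while (len < dst_size && ui_text[len] != '\0')
        len++;
    if (len == dst_size) {      /* no room left for the terminator */
        dst[0] = '\0';          /* leave the field empty, not half-written */
        return -1;
    }
    memcpy(dst, ui_text, len + 1);
    return 0;
}

int main(void)
{
    char folder[OUTPUT_FOLDER_MAX];
    char pasted[1024];

    /* Constructed input: 1023 filler characters standing in for pasted text. */
    memset(pasted, 'A', sizeof pasted - 1);
    pasted[sizeof pasted - 1] = '\0';

    printf("long input:  %d\n", set_output_folder_checked(folder, sizeof folder, pasted));
    printf("normal path: %d\n", set_output_folder_checked(folder, sizeof folder, "C:\\Videos\\Out"));
    return 0;
}
```

The checked function takes the destination size as a parameter, so the limit travels with the buffer instead of being assumed by the caller.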
Attack Vector
The attack requires local access to the target system and user interaction to paste the malicious payload. An attacker would craft a specially formatted string containing padding bytes, a carefully calculated offset to overwrite the return address, and shellcode to execute upon gaining control of the instruction pointer. The payload is delivered via the application's user interface by pasting the malicious string into the Output Folder input field.
The vulnerability mechanism involves overflowing the stack buffer allocated for the output folder path, overwriting the saved return address with a pointer to attacker-controlled shellcode. When the vulnerable function returns, execution is redirected to the malicious code. Technical details and proof-of-concept information can be found in the Exploit-DB #48691 entry and the VulnCheck Advisory.
Detection Methods for CVE-2020-37028
Indicators of Compromise
- Unusual process behavior from photo-to-video-converter.exe including unexpected child processes or network connections
- Abnormal memory access patterns or crash dumps from the Socusoft application
- Evidence of shellcode execution or suspicious code injection in process memory space
- Anomalous file system activity originating from the application process
Detection Strategies
- Deploy endpoint detection and response (EDR) solutions to monitor for stack-based buffer overflow exploitation attempts
- Implement application whitelisting to prevent execution of unauthorized code spawned from the vulnerable application
- Configure security tools to alert on process anomalies such as unexpected child process creation from the Socusoft application
- Monitor for Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) bypass attempts
Monitoring Recommendations
- Enable detailed application event logging and forward logs to SIEM for correlation analysis
- Configure host-based intrusion detection systems to monitor the vulnerable application's memory operations
- Implement behavioral monitoring for the application executable to detect deviations from normal execution patterns
How to Mitigate CVE-2020-37028
Immediate Actions Required
- Remove or disable Socusoft Photo to Video Converter Professional 8.07 from systems until a patched version is available
- Implement application control policies to restrict execution of the vulnerable software
- Restrict access to systems running the vulnerable application to trusted users only
- Consider migrating to alternative software solutions that receive active security updates
Patch Information
No vendor patch is currently available for this vulnerability. The software appears to be unmaintained based on archived product information. Organizations should prioritize removing this software from their environments and transitioning to actively maintained alternatives.
Workarounds
- Uninstall the vulnerable software from production and sensitive systems
- If removal is not immediately possible, restrict application usage to isolated, non-networked systems
- Implement strict user access controls to limit who can interact with the application
- Enable exploit mitigation technologies such as DEP and ASLR at the operating system level to increase exploitation difficulty
Organizations are strongly encouraged to phase out use of this unmaintained software in favor of actively supported alternatives that adhere to modern secure development practices.


