CVE-2020-37028:

Socusoft Photo to Video Converter Professional 8.07 contains a local buffer overflow vulnerability in the 'Output Folder' input field, allowing arbitrary code execution.

Score
A numerical rating that indicates how dangerous this vulnerability is.

8.4High

Published Date:Jan 30, 2026
CISA KEV Date:*No Data*
Industries Affected:20

Threat Predictions

EPSS Score:0.0
EPSS Percentile:2%

Exploitability

Score:2.5
Attack Vector:LOCAL
Attack Complexity:LOW
Privileges Required:NONE
User Interaction:NONE
Scope:UNCHANGED

Impact

Score:5.9
Confidentiality Impact:HIGH
Integrity Impact:HIGH
Availability Impact:HIGH

Description Preview

Socusoft Photo to Video Converter Professional 8.07 contains a local buffer overflow vulnerability in the 'Output Folder' input field, allowing arbitrary code execution.

Overview

The vulnerability in Socusoft Photo to Video Converter Professional 8.07 is classified as a buffer overflow (CWE-120). It has a CVSS v3.1 base score of 8.4 (High severity) and a CVSS v4.0 base score of 8.4 (High severity). The vulnerability requires local access and low attack complexity, with no privileges required. While user interaction is necessary in CVSS v4.0, it is not required in CVSS v3.1. The potential impact of successful exploitation includes high confidentiality, integrity, and availability compromise of the affected system.

Remediation

To mitigate this vulnerability, users should:
1. Update to the latest version of Socusoft Photo to Video Converter Professional if a patched version is available.
2. Implement input validation and sanitization for the 'Output Folder' field to prevent buffer overflow attacks.
3. Apply the principle of least privilege to limit potential damage from exploitation.
4. Monitor for suspicious activity and unauthorized changes to system files.
5. Consider using alternative software solutions if no patch is available.