CVE-2020-37161

CriticalPublic PoC

Published: 07 February 2026

Published

07 February 2026

Modified

24 February 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0010 27.3th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-37161 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Wedding-Slideshow-Studio Wedding Slideshow Studio. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly validates input to the registration name field to prevent buffer overflows from malicious payloads enabling RCE.

SI-16 Memory Protection good match

prevent

Implements memory protections like address space layout randomization and data execution prevention to mitigate buffer overflow exploitation.

SI-2 Flaw Remediation good match

prevent

Mandates flaw remediation through patching or removal of vulnerable Wedding Slideshow Studio 1.36 to eliminate the buffer overflow vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

The vulnerability allows remote attackers to achieve arbitrary code execution over the network with no privileges or user interaction via a buffer overflow in a network-accessible application, directly mapping to exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can craft a specially designed payload to trigger remote code execution, demonstrating the ability…

to run system commands like launching the calculator.

Deeper analysisAI

CVE-2020-37161 is a buffer overflow vulnerability (CWE-121) affecting Wedding Slideshow Studio version 1.36. The issue arises from overwriting the registration name field with a malicious payload, which allows attackers to execute arbitrary code. Published on 2026-02-07, it has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Remote attackers can exploit this vulnerability over the network with low attack complexity, requiring no privileges, authentication, or user interaction. By crafting a specially designed payload for the registration name field, attackers achieve remote code execution, enabling them to run system commands such as launching the calculator.

Advisories from VulnCheck describe the buffer overflow in the name field leading to remote code execution. An exploit proof-of-concept is publicly available on Exploit-DB (exploit ID 48050). The vendor website is located at http://www.wedding-slideshow-studio.com/. No specific patch or mitigation details are provided in the referenced advisories.