Cyber Resilience

CVE-2020-37161

HighPublic PoC

Published: 07 February 2026

Published
07 February 2026
Modified
24 February 2026
KEV Added
Patch
CVSS Score v4 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0087 54.1th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2020-37161 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Wedding-Slideshow-Studio Wedding Slideshow Studio. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2020-37161 is a buffer overflow vulnerability (CWE-121) affecting Wedding Slideshow Studio version 1.36. The issue arises from overwriting the registration name field with a malicious payload, which allows attackers to execute arbitrary code. Published on 2026-02-07, it has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Remote attackers can exploit this vulnerability over the network with low attack complexity, requiring no privileges, authentication, or user interaction. By crafting a specially designed payload for the registration name field, attackers achieve remote code execution, enabling them to run system commands such as launching the calculator.

Advisories from VulnCheck describe the buffer overflow in the name field leading to remote code execution. An exploit proof-of-concept is publicly available on Exploit-DB (exploit ID 48050). The vendor website is located at http://www.wedding-slideshow-studio.com/. No specific patch or mitigation details are provided in the referenced advisories.

EU & UK References

Vulnerability details

Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can craft a specially designed payload to trigger remote code execution, demonstrating the ability…

more

to run system commands like launching the calculator.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability allows remote attackers to achieve arbitrary code execution over the network with no privileges or user interaction via a buffer overflow in a network-accessible application, directly mapping to exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2020-37162Same product: Wedding-Slideshow-Studio Wedding Slideshow Studio
CVE-2026-38422Shared CWE-121
CVE-2025-11783Shared CWE-121
CVE-2025-54491Shared CWE-121
CVE-2024-39359Shared CWE-121
CVE-2026-42469Shared CWE-121
CVE-2020-37159Shared CWE-121
CVE-2024-39603Shared CWE-121
CVE-2024-36258Shared CWE-121
CVE-2024-51138Shared CWE-121

Affected Assets

wedding-slideshow-studio
wedding slideshow studio
≤ 1.36

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly validates input to the registration name field to prevent buffer overflows from malicious payloads enabling RCE.

prevent

Implements memory protections like address space layout randomization and data execution prevention to mitigate buffer overflow exploitation.

prevent

Mandates flaw remediation through patching or removal of vulnerable Wedding Slideshow Studio 1.36 to eliminate the buffer overflow vulnerability.

References