PT-2009-5530 · Photodex · Proshow Gold
Published
2009-09-16
·
Updated
2018-10-10
·
CVE-2009-3214
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Photodex ProShow Gold version 4.0.2549
Description
The issue is related to multiple stack-based buffer overflows that can be triggered by a crafted Slideshow project (.psh) file. This is specifically tied to the
cell[n].images[m].image and cell[n].sound.file fields, allowing remote attackers to execute arbitrary code.Recommendations
For Photodex ProShow Gold version 4.0.2549, consider avoiding the use of crafted Slideshow project (.psh) files until a patch is available. As a temporary workaround, restrict access to files that could potentially exploit the
cell[n].images[m].image and cell[n].sound.file fields to minimize the risk of arbitrary code execution.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Proshow Gold