PT-2019-11488 · Socusoft · Socusoft Co Photo 2 Video Converter

Published

2019-07-24

Updated

2021-07-21

CVE-2019-1010163

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Socusoft Co Photo 2 Video Converter version 8.0.0

Description: The issue affects the pdmlog.dll library, allowing for local shell-code execution and denial of service. This can lead to local privilege escalation under certain conditions, as well as denial-of-service. The attack requires the attacker to have access to the local system, either directly or remotely.

Recommendations: For Socusoft Co Photo 2 Video Converter version 8.0.0, consider restricting access to the pdmlog.dll library as a temporary mitigation measure until a patch is available.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2019-1010163

Affected Products

Socusoft Co Photo 2 Video Converter

PT-2019-11488 · Socusoft · Socusoft Co Photo 2 Video Converter

CVE-2019-1010163

Weakness Enumeration

Related Identifiers

Affected Products

References · 5