CVE-2012-10051

Photodex ProShow Producer version 5.0.3256 contains a stack-based buffer overflow vulnerability in the handling of plugin load list files. When a specially crafted load file is placed in the installation directory, the application fails to properly validate its contents, leading to a buffer overflow when the file is parsed during startup. Exploitation requires local access to place the file and user interaction to launch the application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
VulnCheckCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://archive.org/details/PhotodexProShowProducer7.0.3514Keymaker_20180127
https://erinkrespan.com/what-happened-to-photodex-proshow-producer/
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/proshow_load_bof.rb
https://web.archive.org/web/20120727035341/http://security.inshell.net/advisory/30
https://www.exploit-db.com/exploits/19563
https://www.exploit-db.com/exploits/20109
https://www.fortiguard.com/encyclopedia/ips/32753
https://www.vulncheck.com/advisories/photodex-proshow-producer-load-file-handling-buffer-overflow
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/proshow_load_bof.rb
https://www.exploit-db.com/exploits/19563
https://www.exploit-db.com/exploits/20109