CVE-2009-3214

Photodex Proshow Gold - Memory Corruption

Title source: rule

Description

Multiple stack-based buffer overflows in Photodex ProShow Gold 4.0.2549 allow remote attackers to execute arbitrary code via a crafted Slideshow project (.psh) file, related to the (1) cell[n].images[m].image and (2) cell[n].sound.file fields.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/16655

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by hack4love · perllocalwindows

https://www.exploit-db.com/exploits/9519

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by corelanc0d3r · perllocalwindows

https://www.exploit-db.com/exploits/9483

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by jduck · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/proshow_cellimage_bof.rb

View Code ZIP pw:eip

References (5)

[Various Sources] http://blog.bkis.com/?p=737

[Exploit] http://osvdb.org/57226

[Vendor Advisory] http://secunia.com/advisories/36357

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/505957/100/0/threaded

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/52606

Scores

EPSS 0.6667

EPSS Percentile 98.5%

Details

CWE

CWE-119

Status published

Products (1)

photodex/proshow_gold 4.0.2549

Published Sep 16, 2009

Tracked Since Feb 18, 2026