CVE-2019-25274

HIGH

ProShow Producer 9.0.3797 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25274. PoCs published by ZwX.

AI-analyzed exploit summary This is a writeup describing an unquoted service path vulnerability in ProShow Producer 9.0.3797. The service 'ScsiAccess' has a binary path with spaces, which could potentially allow local privilege escalation if an attacker can place a malicious executable in a higher-level directory.

Description

ProShow Producer 9.0.3797 contains an unquoted service path vulnerability in the ScsiAccess service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.

Exploits (1)

exploitdb WRITEUP
by ZwX · textlocalwindows
https://www.exploit-db.com/exploits/47705

This is a writeup describing an unquoted service path vulnerability in ProShow Producer 9.0.3797. The service 'ScsiAccess' has a binary path with spaces, which could potentially allow local privilege escalation if an attacker can place a malicious executable in a higher-level directory.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Theoretical
Target: ProShow Producer 9.0.3797
Auth required
Prerequisites: Local access to the system · Ability to write to the root of C:\ or C:\Program Files\
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/47705
Various Sources product
http://www.photodex.com/

Scores

CVSS v3 7.8
EPSS 0.0015
EPSS Percentile 4.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Products (1)
Photodex/ProShow Producer 9.0.3797
Published Feb 05, 2026
Tracked Since Feb 18, 2026