Critical Vulnerability Information Vulnerability Name Photodex ProShow Producer 5.0.3256 load file Handling Buffer Overflow Description This module exploits a stack buffer overflow in Photodex ProShow Producer v5.0.3256 when processing plugin load list files. The attacker must send a specially crafted load file to the victim and store it in the installation directory. When ProShow is reopened, the vulnerability is triggered. This module has been successfully tested on Windows XP SP3 and Windows 7 SP1. References OSVDB: 83745 EDB: 19035 URL: http://security.insshell.net/advisory/30 Default Options EXITFUNC: process Payload Configuration Space: 9844 BadChars: "\x00\x0a\x0d" StackAdjustment: -3500 Platform and Targets Platform: win Targets: - Photodex ProShow Producer 5.0.3256 / Windows XP SP3 / Windows 7 SP1 - Offset: 9844 - Ret: 0x1022A959 (p/p/r from if.dnt) Additional Information Privileged: false DisclosureDate: 2012-06-06 DefaultTarget: 0 Reliability: UNKNOWN_RELIABILITY Stability: UNKNOWN_STABILITY SideEffects: UNKNOWN_SIDE_EFFECTS