CVE-2012-10051

Exploit

EPSS 6.9%
Veröffentlicht 08.08.2025 18:11:52
Zuletzt bearbeitet 08.08.2025 20:30:18
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

Photodex ProShow Producer version 5.0.3256 contains a stack-based buffer overflow vulnerability in the handling of plugin load list files. When a specially crafted load file is placed in the installation directory, the application fails to properly validate its contents, leading to a buffer overflow when the file is parsed during startup. Exploitation requires local access to place the file and user interaction to launch the application.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerPhotodex Corporation

≫

Produkt ProShow Producer

Default Statusunknown

Version 5.0.3256

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.9%	0.911

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	8.4	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/proshow_load_bof.rb

https://www.exploit-db.com/exploits/19563

https://www.exploit-db.com/exploits/20109

https://web.archive.org/web/20120727035341/http://security.inshell.net/advisory/30

https://www.fortiguard.com/encyclopedia/ips/32753

https://erinkrespan.com/what-happened-to-photodex-proshow-producer/

https://archive.org/details/PhotodexProShowProducer7.0.3514Keymaker_20180127

https://www.vulncheck.com/advisories/photodex-proshow-producer-load-file-handling-buffer-overflow

https://nvd.nist.gov/vuln/detail/CVE-2012-10051

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-10051

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-10051

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2012-10051