Photodex ProShow Producer
cpe:2.3:a:photodex:proshow_producer:*:*:*:*:*:*:*
- 5.0.3256
This vulnerability is being actively exploited in the wild.
A stack-based buffer overflow vulnerability has been identified in Photodex ProShow Producer version 5.0.3256. The issue arises in the handling of plugin load list files, where the application fails to properly validate the contents of a specially crafted load file placed in the installation directory. This lack of validation leads to a buffer overflow when the file is parsed during application startup. Exploitation of this vulnerability requires local access to place the file and user interaction to launch the application.
Exploitation of this vulnerability allows for arbitrary code execution within the context of the application.
To reproduce this vulnerability, a crafted load file must be created and placed in the ProShow Producer installation directory. The file should be designed to exploit the buffer overflow by overwriting the stack. Once the file is in place, the application can be launched, triggering the vulnerability.