1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Photodex ProShow Gold CVE-2009-3214 2

Attack: Photodex ProShow Gold CVE-2009-3214 2

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a stack-based buffer overflow vulnerability in Photodex ProShow Gold which could result in remote code execution.

Additional Information

Photodex ProShow Gold is a slide show application available for Microsoft Windows.

The application is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when parsing a specially crafted '.psh' file containing overly long 'cell[n].images[m].image' and 'cell[n].sound.file' fields.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Affected

  • Photodex ProShow Gold 4.0.2549 is vulnerable; other versions may also be affected.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube