CVE-2012-10051
Published 2025-08-08
Priority: P346 | Severity: high | Score: 8.4 (CVSS 4.0)
Vector: AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 0.33% (24.6th percentile)
Photodex ProShow Producer version 5.0.3256 contains a stack-based buffer overflow vulnerability in the handling of plugin load list files. When a specially crafted load file is placed in the installation directory, the application fails to properly validate its contents, leading to a buffer overflow when the file is parsed during startup. Exploitation requires local access to place the file and user interaction to launch the application.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| photodex_corporation | proshow_producer | — | — |
Detection & IOCs (extracted from sources)
- Monitor for creation or modification of a file named 'load' in the Photodex ProShow Producer installation directory, which is the attack vector for this buffer overflow exploit.
- Alert on ProShow Producer process startup following unexpected write activity to its installation directory, as exploitation is triggered at application launch.
- Focus detection on Windows XP SP3 and Windows 7 SP1 hosts running Photodex ProShow Producer 5.0.3256, as these are the confirmed vulnerable/tested platforms.
- Exploitation requires local file write access to the installation directory AND user interaction (launching the application); this is not a remote, zero-interaction exploit.
- The crafted 'load' file must be placed specifically in the ProShow Producer installation directory, not an arbitrary path, for the vulnerability to trigger.
No detection rules found.
No writeups or analysis indexed.
- https://archive.org/details/PhotodexProShowProducer7.0.3514Keymaker_20180127
- https://erinkrespan.com/what-happened-to-photodex-proshow-producer/
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/proshow_load_bof.rb
- https://web.archive.org/web/20120727035341/http://security.inshell.net/advisory/30
- https://www.exploit-db.com/exploits/19563
- https://www.exploit-db.com/exploits/20109
- https://www.fortiguard.com/encyclopedia/ips/32753
- https://www.vulncheck.com/advisories/photodex-proshow-producer-load-file-handling-buffer-overflow