cbcvebase.
CVE-2012-10051
published 2025-08-08

Priority P346 · high 8.4 · CVSS 4.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 0.33% (24.6th percentile)
Photodex ProShow Producer version 5.0.3256 contains a stack-based buffer overflow vulnerability in the handling of plugin load list files. When a specially crafted load file is placed in the installation directory, the application fails to properly validate its contents, leading to a buffer overflow when the file is parsed during startup. Exploitation requires local access to place the file and user interaction to launch the application.

Affected

1 range

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| photodex_corporation | proshow_producer | | |

Detection & IOCs (extracted from sources)

filename: load
  • Monitor for creation or modification of a file named 'load' in the Photodex ProShow Producer installation directory, which is the attack vector for this buffer overflow exploit.
  • Alert on ProShow Producer process startup following unexpected write activity to its installation directory, as exploitation is triggered at application launch.
  • Focus detection on Windows XP SP3 and Windows 7 SP1 hosts running Photodex ProShow Producer 5.0.3256, as these are the confirmed vulnerable/tested platforms.
  • Exploitation requires local file write access to the installation directory AND user interaction (launching the application); this is not a remote, zero-interaction exploit.
  • The crafted 'load' file must be placed specifically in the ProShow Producer installation directory, not an arbitrary path, for the vulnerability to trigger.
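
The correlation described in the detection notes above, as an added Python example that is not part of the original page: it flags a write to a file named 'load' in the installation directory and a later application launch from that directory. The install path, the event schema, the `proshow.exe` image name in the sample data and the 24-hour window are assumptions to adapt to your own telemetry.

```python
import ntpath
from datetime import datetime, timedelta

# Assumed values, not from the page: set to the real install path and window.
INSTALL_DIR = r"C:\Program Files\Photodex\ProShow Producer"
WINDOW = timedelta(hours=24)

def _in_install_dir(path, install_dir=INSTALL_DIR):
    """True if the file sits directly in the install directory (Windows rules)."""
    parent = ntpath.normcase(ntpath.normpath(ntpath.dirname(path)))
    return parent == ntpath.normcase(ntpath.normpath(install_dir))

def find_alerts(events, install_dir=INSTALL_DIR, window=WINDOW):
    """Correlate writes into the install directory with a later launch from it.

    events: dicts with 'ts' (datetime), 'kind' ('file_write' or 'process_start')
    and 'path' (file written or image started). Returns a list of alert dicts.
    """
    alerts, pending = [], []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if not _in_install_dir(ev["path"], install_dir):
            continue  # writes or launches outside the install directory are ignored
        if ev["kind"] == "file_write":
            is_load = ntpath.basename(ev["path"]).lower() == "load"
            pending.append((ev, is_load))
            if is_load:
                alerts.append({"rule": "load_file_written", "ts": ev["ts"],
                               "path": ev["path"]})
        elif ev["kind"] == "process_start":
            recent = [(w, l) for w, l in pending if ev["ts"] - w["ts"] <= window]
            if recent:
                alerts.append({"rule": "launch_after_install_dir_write",
                               "ts": ev["ts"], "image": ev["path"],
                               "severity": "high" if any(l for _, l in recent) else "medium",
                               "writes": [w["path"] for w, _ in recent]})
            pending = []  # each launch closes the current correlation window

    return alerts

# Constructed sample events (not real telemetry); image name is an assumption.
T0 = datetime(2025, 1, 1, 9, 0)
EXE = INSTALL_DIR + r"\proshow.exe"
SAMPLE = [
    {"ts": T0, "kind": "file_write", "path": r"C:\Users\a\Documents\load"},
    {"ts": T0 + timedelta(minutes=5), "kind": "file_write",
     "path": r"c:\program files\photodex\proshow producer\LOAD"},
    {"ts": T0 + timedelta(minutes=9), "kind": "process_start", "path": EXE},
    {"ts": T0 + timedelta(days=3), "kind": "process_start", "path": EXE},
]
```

Feed it normalized file-creation and process-creation events from whatever endpoint telemetry is available; path matching is case-insensitive, and the 'load' written under a user's Documents folder in the sample is deliberately not flagged.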