Photo DVD Maker Professional Buffer Overflow Vulnerability

2009.07.11
Credit: Bkis
Risk: High
Local: Yes
Remote: No
CWE: CWE-119


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Title : Photo DVD Maker Professional Buffer Overflow Vulnerability 1. General Information Photo DVD Maker Professional is a tool allows you to create entertaining photo slideshows with many file formats supported. Bkis has just detected a vulnerability in the software related to the processing of Photo DVD Maker Professional project files (?.pdm?). This vulnerability permits hackers to execute malicious code on users? systems. Details : http://blog.bkis.com/?p=713 Bkis Advisory : Bkis-10-2009 Initial vendor notification : 12/06/2009 Release Date : 06/07/2009 Update Date : 06/07/2009 Discovered by : Le Duc Anh - Bkis Attack Type : Buffer Overflow Security Rating : High Impact : Code Execution Affected Software : Photo DVD Maker Professional version <= 8.02 (Prior versions may also be affected). PoC : http://blog.bkis.com/wp-content/uploads/2009/07/photodvdmaker_poc.pdm 2. Technical Description PDM files are used to store essential information about a Photo DVD Maker Professional Project (in XML format). The software performs inadequate check for the length of a File_Name tag. This results in a critical buffer overflow error when set with an overly long value. In order to exploit, a hacker might create a specially crafted ?.pdm? file and trick users into using it. If successful, hackers can perform local attack, inject viruses, steal sensitive information and even take control of the victim?s system. 3. Solution Rating this vulnerability high severity and due to the fact that the vendor hasn?t released any patch against this vulnerability, Bkis recommends that users should not open any untrusted PDM file.

References:

http://www.vupen.com/english/advisories/2009/1793
http://www.securityfocus.com/archive/1/archive/1/504738/100/0/threaded
http://secunia.com/advisories/35709
http://blog.bkis.com/?p=713


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top