[Bkis-11-2009] ProShow Gold Buffer Overflow Vulnerabilities 1. General Information ProShow Gold is a software allowing you easily create photo and video slide shows on DVD, PC and Web. Recently, Bkis has just detected vulnerabilities in the software related to the processing of ProShow Slideshow?s project files (?.psh?). This vulnerability permits hackers to execute malicious code on users? systems. Details : http://blog.bkis.com/?p=737 Bkis Advisory : Bkis-11-2009 Initial vendor notification : 08/06/2009 Release Date : 08/20/2009 Update Date : 08/20/2009 Discovered by : Le Duc Anh, Bkis Attack Type : Buffer Overflow Security Rating : High Impact : Code Execution Affected Software : ProShow Gold version 4.0.2549 (Prior versions may also be affected). PoC : proshow gold poc 2. Technical Description PSH is the extension of an ProShow Slideshow?s project file. There are many bugs found in the way ProShow Gold processing a PSH file with overly long fields. Inadequate check for two fields including cell[n].images[m].image and cell[n].sound.file fields (where m, n is an integer number) could lead to critical buffer overflow errors. In order to exploit, a hacker might create a specially crafted ?.PSH? file and trick users into using it. If successful, hackers can perform local attack, inject viruses, steal sensitive information and even take control of the victim?s system. 3. Solution Rating this vulnerability high severity and due to the fact that the vendor hasn?t released any patch against this vulnerability, Bkis recommends that users should not open any untrusted PSH file. Bkis - Internet Security www.blog.bkis.com