lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4A8CD11D.70007@bkav.com.vn>
Date: Thu, 20 Aug 2009 11:29:17 +0700
From: Bkis <svrt@...v.com.vn>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [Bkis-11-2009] ProShow Gold Buffer Overflow
	Vulnerabilities

[Bkis-11-2009] ProShow Gold Buffer Overflow Vulnerabilities

1. General Information

ProShow Gold is a software allowing you easily create photo and video 
slide shows on DVD, PC and Web. Recently, Bkis has just detected 
vulnerabilities in the software related to the processing of ProShow 
Slideshow’s project files (“.psh”). This vulnerability permits hackers 
to execute malicious code on users’ systems.

Details : http://blog.bkis.com/?p=737
Bkis Advisory : Bkis-11-2009
Initial vendor notification : 08/06/2009
Release Date : 08/20/2009
Update Date : 08/20/2009
Discovered by : Le Duc Anh, Bkis
Attack Type : Buffer Overflow
Security Rating : High
Impact : Code Execution
Affected Software : ProShow Gold version 4.0.2549 (Prior versions may 
also be affected).
PoC : proshow gold poc

2. Technical Description

PSH is the extension of an ProShow Slideshow’s project file. There are 
many bugs found in the way ProShow Gold processing a PSH file with 
overly long fields. Inadequate check for two fields including 
cell[n].images[m].image and cell[n].sound.file fields (where m, n is an 
integer number) could lead to critical buffer overflow errors.

In order to exploit, a hacker might create a specially crafted “.PSH” 
file and trick users into using it. If successful, hackers can perform 
local attack, inject viruses, steal sensitive information and even take 
control of the victim’s system.

3. Solution

Rating this vulnerability high severity and due to the fact that the 
vendor hasn’t released any patch against this vulnerability, Bkis 
recommends that users should not open any untrusted PSH file.


Bkis - Internet Security
www.blog.bkis.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ