Home / vulnerabilities Bkis-10-2009.txt
Posted on 06 July 2009
Source : packetstormsecurity.org Link
Title : Photo DVD Maker Professional Buffer Overflow Vulnerability
1. General Information
Photo DVD Maker Professional is a tool allows you to create entertaining
photo slideshows with many file formats supported. Bkis has just
detected a vulnerability in the software related to the processing of
Details : http://blog.bkis.com/?p=713
Bkis Advisory : Bkis-10-2009
Initial vendor notification : 12/06/2009
Release Date : 06/07/2009
Update Date : 06/07/2009
Discovered by : Le Duc Anh - Bkis
Attack Type : Buffer Overflow
Security Rating : High
Impact : Code Execution
Affected Software : Photo DVD Maker Professional version <= 8.02 (Prior
versions may also be affected).
PoC : http://blog.bkis.com/wp-content/uploads/2009/07/photodvdmaker_poc.pdm
2. Technical Description
PDM files are used to store essential information about a Photo DVD
Maker Professional Project (in XML format). The software performs
inadequate check for the length of a File_Name tag. This results in a
critical buffer overflow error when set with an overly long value.
file and trick users into using it. If successful, hackers can perform
local attack, inject viruses, steal sensitive information and even take
3. Solution
Rating this vulnerability high severity and due to the fact that the
recommends that users should not open any untrusted PDM file.
