CVE-2011-10008
BaseFortify
Publication date: 2025-07-31
Last updated on: 2025-07-31
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mplayer_lite | r33064 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow in MPlayer Lite r33064 caused by improper bounds checking when processing M3U playlist files with long http:// URL entries. An attacker can create a malicious .m3u file with a specially crafted URL that triggers a stack overflow during processing, especially via drag-and-drop. This allows the attacker to overwrite the Structured Exception Handler (SEH) and bypass Data Execution Prevention (DEP) using a Return-Oriented Programming (ROP) chain, potentially leading to arbitrary code execution with the current user's privileges.
How can this vulnerability impact me? :
Exploitation of this vulnerability can allow an attacker to execute arbitrary code on the affected system with the privileges of the current user. This could lead to unauthorized actions such as installing malware, stealing data, or taking control of the system.