CVE-2011-10022
BaseFortify
Publication date: 2025-08-20
Last updated on: 2025-08-22
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| splayer | splayer | 3.7 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow in SPlayer version 3.7 and earlier. It happens when the software processes HTTP responses that contain an excessively long Content-Type header. Due to improper bounds checking on this header value, an attacker can overwrite the Structured Exception Handler (SEH), which can lead to arbitrary code execution. To exploit this, a victim must open a media file that causes SPlayer to make an HTTP request to a malicious server that sends a specially crafted Content-Type header.
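The missing length check described above, as an added example (not SPlayer's code and not part of this advisory): a C routine that extracts the Content-Type value from a response header block and rejects any value that does not fit the destination instead of copying it. `CT_MAX`, `prefix_ci` and `get_content_type` are hypothetical names, and the 128-byte buffer size is an assumption.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define CT_MAX 128 /* assumed destination size; not SPlayer's real value */

/* Unsafe pattern (CWE-120): copy with no length check against the buffer.
 *     char ctype[CT_MAX];
 *     strcpy(ctype, value);        // value is controlled by the server
 */

/* HTTP header names are case-insensitive, so compare them that way. */
static int prefix_ci(const char *s, size_t slen, const char *p, size_t plen)
{
    if (slen < plen) return 0;
    for (size_t i = 0; i < plen; i++)
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)p[i]))
            return 0;
    return 1;
}

/* Hardened form: find Content-Type in a NUL-terminated header block and
 * copy its value into out[out_sz]. Returns 0 on success, -1 if the header
 * is absent, -2 if the value does not fit (rejected, never truncated). */
int get_content_type(const char *hdrs, char *out, size_t out_sz)
{
    static const char name[] = "Content-Type:";
    const size_t nlen = sizeof(name) - 1;

    if (!hdrs || !out || out_sz == 0) return -1;
    out[0] = '\0';
    for (const char *line = hdrs; *line; ) {
        const char *eol = strstr(line, "\r\n");
        size_t llen = eol ? (size_t)(eol - line) : strlen(line);
        if (prefix_ci(line, llen, name, nlen)) {
            const char *v = line + nlen;
            size_t vlen = llen - nlen;
            while (vlen && (*v == ' ' || *v == '\t')) { v++; vlen--; }
            if (vlen >= out_sz) return -2;   /* length check before the copy */
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return 0;
        }
        if (!eol) break;
        line = eol + 2;
    }
    return -1;
}
```

Rejecting the response outright, rather than truncating the value, keeps a hostile server from steering later parsing with a partially copied header.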
How can this vulnerability impact me?
This vulnerability can allow an attacker to execute arbitrary code on the affected system without requiring privileges or user interaction beyond opening a media file. This could lead to system compromise, data theft, or installation of malware.