CVE-2012-10031
BaseFortify
Publication date: 2025-08-05
Last updated on: 2025-08-05
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| blazevideo | hdtv_player | 6.6 |
| blazevideo | hdtv_player_pro | 6.6.0.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
BlazeVideo HDTV Player Pro v6.6.0.3 has a stack-based buffer overflow vulnerability caused by improper handling of user-supplied input in .plf playlist files. Specifically, when parsing a crafted .plf file, the MediaPlayerCtrl.dll component extracts a filename from a URL-like string using PathFindFileNameA(), then copies it into a fixed-size stack buffer using strcpy without checking the input size. If the input is too large, it overflows the buffer, potentially allowing an attacker to execute arbitrary code with the user's privileges.
How can this vulnerability impact me? :
This vulnerability can lead to arbitrary code execution on the affected system under the context of the user running BlazeVideo HDTV Player Pro. An attacker could exploit this by crafting a malicious .plf playlist file that triggers the buffer overflow, potentially allowing them to run malicious code, compromise system integrity, steal data, or perform other unauthorized actions.