CVE-2011-10008

CVSS

No CVSS.

A

stack-based buffer overflow vulnerability exists in MPlayer Lite r33064 due to improper bounds checking when handling M3U playlist files containing long http:// URL entries. An attacker can craft a malicious .m3u file with a specially formatted URL that triggers a stack overflow when processed by the player, particularly via drag-and-drop interaction. This flaw allows for control of the execution flow through SEH overwrite and a DEP bypass using a ROP chain that leverages known gadgets in loaded DLLs. Successful exploitation may result in arbitrary code execution with the privileges of the current user.

References

Link	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/mplayer_m3u_bof.rb
https://www.exploit-db.com/exploits/17013
https://www.vulncheck.com/advisories/mplayer-lite-r33064-m3u-stack-based-buffer-overflow

Configurations

No configuration.

History

31 Jul 2025, 18:42

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-31 15:15

Updated : 2025-07-31 18:42

NVD link : CVE-2011-10008

Mitre link : CVE-2011-10008

CVE.ORG link : CVE-2011-10008

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2011-10008", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-31T15:15:31.460", "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/mplayer_m3u_bof.rb", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/17013", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/mplayer-lite-r33064-m3u-stack-based-buffer-overflow", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow vulnerability exists in MPlayer Lite r33064 due to improper bounds checking when handling M3U playlist files containing long http:// URL entries. An attacker can craft a malicious .m3u file with a specially formatted URL that triggers a stack overflow when processed by the player, particularly via drag-and-drop interaction. This flaw allows for control of the execution flow through SEH overwrite and a DEP bypass using a ROP chain that leverages known gadgets in loaded DLLs. Successful exploitation may result in arbitrary code execution with the privileges of the current user."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la pila en MPlayer Lite r33064 debido a una comprobaci\u00f3n incorrecta de los l\u00edmites al gestionar archivos de listas de reproducci\u00f3n M3U con entradas URL largas con la extensi\u00f3n http://. Un atacante puede manipular un archivo .m3u malicioso con una URL con un formato especial que provoca un desbordamiento de pila al ser procesado por el reproductor, especialmente mediante la interacci\u00f3n de arrastrar y soltar. Esta falla permite controlar el flujo de ejecuci\u00f3n mediante la sobrescritura de SEH y la omisi\u00f3n de DEP mediante una cadena ROP que aprovecha los gadgets conocidos en las DLL cargadas. Una explotaci\u00f3n exitosa puede resultar en la ejecuci\u00f3n de c\u00f3digo arbitrario con los privilegios del usuario actual."}], "lastModified": "2025-07-31T18:42:37.870", "sourceIdentifier": "[email protected]"}