CVE-2011-10015

CVSS

No CVSS.

C

ytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copies user-controlled strings into a fixed-size stack buffer (256 bytes) without proper bounds checking. Exploitation allows arbitrary code execution when the crafted file is opened.

References

Link	Resource
http://aluigi.altervista.org/adv/cytel_1-adv.txt
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/cytel_studio_cy3.rb
https://web.archive.org/web/20110301000000*/http://www.cytel.com/Software/StatXact.aspx
https://web.archive.org/web/20110708215826/http://www.cytel.com/Software/LogXact.aspx
https://web.archive.org/web/20110708215830/http://www.cytel.com/Software/StatXact.aspx
https://www.exploit-db.com/exploits/17930
https://www.exploit-db.com/exploits/18027
https://www.vulncheck.com/advisories/cytel-studio-cy3-file-stack-buffer-overflow
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/cytel_studio_cy3.rb
https://www.exploit-db.com/exploits/18027

Configurations

No configuration.

History

14 Aug 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-13 21:15

Updated : 2025-08-14 15:15

NVD link : CVE-2011-10015

Mitre link : CVE-2011-10015

CVE.ORG link : CVE-2011-10015

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2011-10015", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "[email protected]"}], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-13T21:15:28.910", "references": [{"url": "http://aluigi.altervista.org/adv/cytel_1-adv.txt", "source": "[email protected]"}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/cytel_studio_cy3.rb", "source": "[email protected]"}, {"url": "https://web.archive.org/web/20110301000000*/http://www.cytel.com/Software/StatXact.aspx", "source": "[email protected]"}, {"url": "https://web.archive.org/web/20110708215826/http://www.cytel.com/Software/LogXact.aspx", "source": "[email protected]"}, {"url": "https://web.archive.org/web/20110708215830/http://www.cytel.com/Software/StatXact.aspx", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/17930", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/18027", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/cytel-studio-cy3-file-stack-buffer-overflow", "source": "[email protected]"}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/cytel_studio_cy3.rb", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://www.exploit-db.com/exploits/18027", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copies user-controlled strings into a fixed-size stack buffer (256 bytes) without proper bounds checking. Exploitation allows arbitrary code execution when the crafted file is opened."}, {"lang": "es", "value": "Cytel Studio versi\u00f3n 9.0 y anteriores son vulnerables a un desbordamiento de b\u00fafer basado en la pila, provocado al analizar un archivo .CY3 malformado. La vulnerabilidad ocurre cuando la aplicaci\u00f3n copia cadenas controladas por el usuario en un b\u00fafer de pila de tama\u00f1o fijo (256 bytes) sin la comprobaci\u00f3n de los l\u00edmites adecuada. Su explotaci\u00f3n permite la ejecuci\u00f3n de c\u00f3digo arbitrario al abrir el archivo manipulado."}], "lastModified": "2025-08-14T15:15:30.383", "sourceIdentifier": "[email protected]"}