CVE-2011-10008
Published 2025-07-31
Priority P259 · high · 8.6 (CVSS 4.0)
CVSS 4.0 vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EXPLOIT
EPSS: 1.10% (61.6th percentile)
A stack-based buffer overflow vulnerability exists in MPlayer Lite r33064 due to improper bounds checking when handling M3U playlist files containing long http:// URL entries. An attacker can craft a malicious .m3u file with a specially formatted URL that triggers a stack overflow when processed by the player, particularly via drag-and-drop interaction. This flaw allows for control of the execution flow through SEH overwrite and a DEP bypass using a ROP chain that leverages known gadgets in loaded DLLs. Successful exploitation may result in arbitrary code execution with the privileges of the current user.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mplayer_project | mplayer_lite | — | — |
Detection & IOCs (extracted from sources)
- Detect M3U files containing abnormally long http:// URL entries, which may indicate a crafted payload targeting the MPlayer Lite r33064 stack buffer overflow.
- Monitor for MPlayer Lite processes launched via drag-and-drop interaction with .M3U files, as this is the specific attack vector for exploitation.
- Look for SEH (Structured Exception Handler) overwrites in MPlayer Lite process memory, which is the mechanism used to control execution flow after the stack overflow.
- Detect ROP chain activity in MPlayer Lite leveraging gadgets from loaded DLLs, used to bypass DEP (Data Execution Prevention) during exploitation.
- Exploitation requires user interaction — the victim must open the malicious .M3U file specifically via drag-and-drop to the player, limiting remote exploitation without social engineering.
- The exploit targets a specific build (r33064) of MPlayer Lite; ROP gadget offsets are tied to DLLs loaded by that exact version, reducing portability across other builds.
- Arbitrary code executes only with the privileges of the currently logged-in user, not necessarily elevated privileges.
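One way to implement the first detection item above, as an added example that is not part of the original page or any published rule: a Python scanner that flags playlist files whose http:// entries are over-long. The 1024-byte threshold, the name `scan_m3u` and the sample playlists are assumptions constructed for illustration; the page states no specific length.

```python
"""Flag M3U playlists whose http:// entries are abnormally long."""
import sys
from pathlib import Path

# Assumption: the page gives no overflow offset, so this limit is a tunable
# heuristic. Legitimate stream URLs rarely exceed a few hundred bytes.
MAX_URL_BYTES = 1024

# Constructed samples: a normal playlist and one with an inert over-long entry.
SAMPLE_BENIGN = b"#EXTM3U\r\n#EXTINF:-1,Radio\r\nhttp://stream.example.org/live.mp3\r\n"
SAMPLE_SUSPECT = b"#EXTM3U\r\nhttp://" + b"x" * 5000 + b"\r\n"


def scan_m3u(data: bytes, max_len: int = MAX_URL_BYTES):
    """Return (line_no, length, non_printable_count) for each over-long entry."""
    findings = []
    # Work on raw bytes: a crafted entry need not be valid text in any encoding.
    data = data.removeprefix(b"\xef\xbb\xbf")  # drop a UTF-8 BOM if present
    for line_no, raw in enumerate(data.splitlines(), start=1):
        entry = raw.strip()
        if not entry or entry.startswith(b"#"):
            continue  # blank line or #EXTM3U / #EXTINF directive
        if entry[:7].lower() != b"http://":
            continue  # the advisory concerns http:// entries only
        if len(entry) > max_len:
            # Bytes outside printable ASCII are a secondary triage signal.
            odd = sum(1 for b in entry if b < 0x20 or b > 0x7E)
            findings.append((line_no, len(entry), odd))
    return findings


if __name__ == "__main__":
    # Usage: python scan_m3u.py playlist1.m3u playlist2.m3u ...
    for name in sys.argv[1:]:
        for line_no, length, odd in scan_m3u(Path(name).read_bytes()):
            print(f"{name}:{line_no}: http:// entry of {length} bytes "
                  f"({odd} non-printable)")
```

Tune `MAX_URL_BYTES` against the longest legitimate playlist URLs seen in your environment before alerting on the results.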