CVE-2011-10008
published 2025-07-31


Priority: P259
Severity: high, 8.6 (CVSS 4.0)
Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.10% (61.6th percentile)
A stack-based buffer overflow vulnerability exists in MPlayer Lite r33064 due to improper bounds checking when handling M3U playlist files containing long http:// URL entries. An attacker can craft a malicious .m3u file with a specially formatted URL that triggers a stack overflow when processed by the player, particularly via drag-and-drop interaction. This flaw allows for control of the execution flow through SEH overwrite and a DEP bypass using a ROP chain that leverages known gadgets in loaded DLLs. Successful exploitation may result in arbitrary code execution with the privileges of the current user.

Affected

1 ranges

Vendor | Product | Version range | Fixed in
mplayer_project | mplayer_lite | |

Detection & IOCs (extracted from sources)

version: MPlayer Lite r33064
filename: .m3u
  • Detect M3U files containing abnormally long http:// URL entries, which may indicate a crafted payload targeting the MPlayer Lite r33064 stack buffer overflow.
  • Monitor for MPlayer Lite processes launched via drag-and-drop interaction with .M3U files, as this is the specific attack vector for exploitation.
  • Look for SEH (Structured Exception Handler) overwrites in MPlayer Lite process memory, which is the mechanism used to control execution flow after the stack overflow.
  • Detect ROP chain activity in MPlayer Lite leveraging gadgets from loaded DLLs, used to bypass DEP (Data Execution Prevention) during exploitation.
  • Exploitation requires user interaction: the victim must open the malicious .M3U file specifically via drag-and-drop to the player, limiting remote exploitation without social engineering.
  • The exploit targets a specific build (r33064) of MPlayer Lite; ROP gadget offsets are tied to DLLs loaded by that exact version, reducing portability across other builds.
  • Arbitrary code executes only with the privileges of the currently logged-in user, not necessarily elevated privileges.
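
One way to implement the first detection item above (abnormally long http:// entries in .m3u files), as an added example that is not part of the original entry or any vendor tooling. The function names, the 1024-byte threshold and the sample playlist are assumptions; the page does not state the size of the overflowed buffer.

```python
"""Flag M3U playlist entries with abnormally long http:// URLs (added example)."""
import re
from typing import NamedTuple

# Assumption: the page gives no buffer size, so this threshold is a tunable
# placeholder. Legitimate stream URLs are rarely more than a few hundred bytes.
MAX_URL_BYTES = 1024

class Finding(NamedTuple):
    line_no: int        # 1-based line number inside the playlist
    length: int         # entry length in bytes
    non_printable: int  # bytes outside printable ASCII, unusual in a URL

_HTTP = re.compile(rb"\s*http://", re.IGNORECASE)

def scan_m3u(data: bytes, max_url_bytes: int = MAX_URL_BYTES) -> list[Finding]:
    """Return one Finding per http:// entry longer than max_url_bytes.

    Works on raw bytes: a crafted file need not be valid text, and decoding
    errors must not let an entry slip past the check.
    """
    findings = []
    for line_no, raw in enumerate(data.splitlines(), start=1):
        if not _HTTP.match(raw):  # skips #EXTM3U/#EXTINF lines and local paths
            continue
        entry = raw.strip()
        if len(entry) > max_url_bytes:
            non_printable = sum(1 for b in entry if b < 0x20 or b > 0x7E)
            findings.append(Finding(line_no, len(entry), non_printable))
    return findings

def scan_file(path: str, max_url_bytes: int = MAX_URL_BYTES) -> list[Finding]:
    with open(path, "rb") as fh:
        return scan_m3u(fh.read(), max_url_bytes)

# Constructed sample input: one ordinary entry and one oversized entry.
SAMPLE = (
    b"#EXTM3U\r\n"
    b"#EXTINF:-1,Example radio\r\n"
    b"http://radio.example.org/stream.mp3\r\n"
    b"HTTP://" + b"A" * 5000 + b"\xff\xfe\r\n"
)

if __name__ == "__main__":
    for f in scan_m3u(SAMPLE):
        print(f"line {f.line_no}: http:// entry of {f.length} bytes, "
              f"{f.non_printable} non-printable bytes")
```

A hit is a triage signal for mail gateways, download scanners or file-share sweeps, not proof of exploitation; tune the threshold against playlists seen in your own environment.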