cbcvebase.
CVE-2011-10015
published 2025-08-13

CVE-2011-10015: Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when…

PriorityP349critical9.3CVSS 4.0
AVLACLATNPRNUIAVCHVIHVAHSCHSIHSAHEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
0.40%
31.9th percentile
Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copies user-controlled strings into a fixed-size stack buffer (256 bytes) without proper bounds checking. Exploitation allows arbitrary code execution when the crafted file is opened.

Affected

1 ranges
VendorProductVersion rangeFixed in
cytel_inccytel_studio<= 9.0

Detection & IOCsextracted from sources · hover to see the quote

filename.CY3
  • Monitor for Cytel Studio opening crafted .CY3 files that trigger a stack-based buffer overflow via oversized string copy into a 256-byte stack buffer
  • A Metasploit module exists for this vulnerability targeting Windows fileformat exploitation of Cytel Studio <= 9.0 via a malicious CY3 file
  • ·Vulnerability affects Cytel Studio version 9.0 and earlier only; exploitation requires the user to open a crafted .CY3 file (file-format / client-side attack vector)
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.