CVE-2011-10022
published 2025-08-20CVE-2011-10022: SPlayer version 3.7 and earlier is vulnerable to a stack-based buffer overflow when processing HTTP responses containing an overly long Content-Type header…
PriorityP258high8.6CVSS 4.0
AVNACLATNPRNUIAVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
0.75%
50.3th percentile
SPlayer version 3.7 and earlier is vulnerable to a stack-based buffer overflow when processing HTTP responses containing an overly long Content-Type header. The vulnerability occurs due to improper bounds checking on the header value, allowing an attacker to overwrite the Structured Exception Handler (SEH) and execute arbitrary code. Exploitation requires the victim to open a media file that triggers an HTTP request to a malicious server, which responds with a crafted Content-Type header.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| splayer_project | splayer | <= 3.7 (Build 2055) | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP responses to SPlayer processes containing anomalously long Content-Type headers, which may indicate exploitation of the stack-based buffer overflow. ↗
- →Alert on SPlayer (version 3.7 or earlier) initiating HTTP requests to external servers, particularly when followed by opening media files — this is the trigger condition for exploitation. ↗
- →Detect SEH overwrite patterns in memory associated with SPlayer processes, as the exploit overwrites the Structured Exception Handler to achieve code execution. ↗
- →A Metasploit module exists for this vulnerability targeting Windows; detect use of the module path exploits/windows/misc/splayer_content_type against SPlayer clients. ↗
- ·Exploitation is client-side and requires user interaction — the victim must open a media file that causes SPlayer to issue an HTTP request to an attacker-controlled server. ↗
- ·The vulnerability affects SPlayer 3.7 and earlier only; the attack vector is the HTTP Content-Type response header, not the media file itself. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/misc/splayer_content_type.rbhttps://www.exploit-db.com/exploits/17243https://www.exploit-db.com/exploits/17268https://www.splayer.org/https://www.vulncheck.com/advisories/splayer-content-type-header-buffer-overflow
2025-08-20
Published