cbcvebase.
CVE-2012-10031
published 2025-08-05

CVE-2012-10031: BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buffer overflow due to improper handling of user-supplied input embedded in .plf playlist…

PriorityP259high8.6CVSS 4.0
AVNACLATNPRNUIAVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
0.79%
51.6th percentile
BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buffer overflow due to improper handling of user-supplied input embedded in .plf playlist files. When parsing a crafted .plf file, the MediaPlayerCtrl.dll component invokes PathFindFileNameA() to extract a filename from a URL-like string. The returned value is then copied to a fixed-size stack buffer using an inline strcpy call without bounds checking. If the input exceeds the buffer size, this leads to a stack overflow and potential arbitrary code execution under the context of the user.

Affected

1 ranges
VendorProductVersion rangeFixed in
blazevideo_inchdtv_player_pro

Detection & IOCsextracted from sources · hover to see the quote

filenameMediaPlayerCtrl.dll
filename.plf
  • Monitor for stack-based buffer overflow triggered by opening a crafted .plf playlist file in BlazeVideo HDTV Player Pro v6.6.0.3, specifically within the MediaPlayerCtrl.dll component via PathFindFileNameA() followed by an inline strcpy without bounds checking.
  • Alert on BlazeVideo HDTV Player processes loading or executing code from MediaPlayerCtrl.dll when processing .plf files with abnormally long embedded strings, which may indicate exploitation of the filename handling routine.
  • ·Exploitation occurs under the context of the logged-in user; impact is limited to user-level privileges unless combined with a privilege escalation.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.