CVE-2011-10022
8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
SPlayer version 3.7 and earlier is vulnerable to a stack-based buffer overflow when processing HTTP responses containing an overly long Content-Type header. The vulnerability occurs due to improper bounds checking on the header value, allowing an attacker to overwrite the Structured Exception Handler (SEH) and execute arbitrary code. Exploitation requires the victim to open a media file that triggers an HTTP request to a malicious server, which responds with a crafted Content-Type header.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SPlayer Project | SPlayer | 0 <= 3.7 (Build 2055) | affected |
Weaknesses
- CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/misc/splayer_content_type.rb
- https://www.exploit-db.com/exploits/17243
- https://www.exploit-db.com/exploits/17268
- https://www.splayer.org/
- https://www.vulncheck.com/advisories/splayer-content-type-header-buffer-overflow
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.