CVE-2012-10031

Exploit

EPSS 53.03%
Veröffentlicht 05.08.2025 20:00:15
Zuletzt bearbeitet 05.08.2025 21:06:02
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buffer overflow due to improper handling of user-supplied input embedded in .plf playlist files. When parsing a crafted .plf file, the MediaPlayerCtrl.dll component invokes PathFindFileNameA() to extract a filename from a URL-like string. The returned value is then copied to a fixed-size stack buffer using an inline strcpy call without bounds checking. If the input exceeds the buffer size, this leads to a stack overflow and potential arbitrary code execution under the context of the user.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerBlazeVideo Inc.

≫

Produkt HDTV Player Pro

Default Statusunknown

Version 6.6.0.3

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	53.03%	0.979

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	8.6	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/blazedvd_hdtv_bof.rb

https://www.exploit-db.com/exploits/22931

https://www.exploit-db.com/exploits/18693

https://www.exploit-db.com/exploits/23052

https://web.archive.org/web/20100302202333/https://blazevideo.com/help_center/hdtv-help/Technical-Support.html

https://www.vulncheck.com/advisories/blazevideo-hdtv-player-pro-filename-handling-buffer-overflow

https://nvd.nist.gov/vuln/detail/CVE-2012-10031

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-10031

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-10031

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2012-10031