CVE-2012-10031

Exploit

EPSS 0.79%
Veröffentlicht 05.08.2025 20:00:15
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

BlazeVideo HDTV Player Pro 6.6.0.3 Filename Handling Buffer Overflow

BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buffer overflow due to improper handling of user-supplied input embedded in .plf playlist files. When parsing a crafted .plf file, the MediaPlayerCtrl.dll component invokes PathFindFileNameA() to extract a filename from a URL-like string. The returned value is then copied to a fixed-size stack buffer using an inline strcpy call without bounds checking. If the input exceeds the buffer size, this leads to a stack overflow and potential arbitrary code execution under the context of the user.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerBlazeVideo Inc.

≫

Produkt HDTV Player Pro

Default Statusunknown

Version 6.6.0.3

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.79%	0.514

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	8.6	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/blazedvd_hdtv_bof.rb

https://www.exploit-db.com/exploits/22931

https://www.exploit-db.com/exploits/18693

https://www.exploit-db.com/exploits/23052

https://web.archive.org/web/20100302202333/https://blazevideo.com/help_center/hdtv-help/Technical-Support.html

https://www.vulncheck.com/advisories/blazevideo-hdtv-player-pro-filename-handling-buffer-overflow

https://nvd.nist.gov/vuln/detail/CVE-2012-10031

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-10031

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-10031

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2012-10031