CVE-2011-10008: MPlayer Lite r33064 M3U Stack-Based Buffer Overflow
A stack-based buffer overflow vulnerability exists in MPlayer Lite r33064 due to improper bounds checking when handling M3U playlist files containing long http:// URL entries. An attacker can craft a malicious .m3u file with a specially formatted URL that triggers a stack overflow when processed by the player, particularly via drag-and-drop interaction. This flaw allows for control of the execution flow through SEH overwrite and a DEP bypass using a ROP chain that leverages known gadgets in loaded DLLs. Successful exploitation may result in arbitrary code execution with the privileges of the current user.
Affected Software
Event History
Frequently Asked Questions
What is the severity of CVE-2011-10008?
CVE-2011-10008 is considered critical due to its potential for remote code execution through a stack-based buffer overflow.
How do I fix CVE-2011-10008?
To fix CVE-2011-10008, update MPlayer Lite to the latest version that addresses this buffer overflow vulnerability.
What software is affected by CVE-2011-10008?
CVE-2011-10008 affects MPlayer Lite version r33064 due to improper bounds checking in handling M3U playlist files.
What type of vulnerability is CVE-2011-10008?
CVE-2011-10008 is a stack-based buffer overflow vulnerability that can be exploited through specially crafted M3U files.
Can CVE-2011-10008 be exploited remotely?
Yes, CVE-2011-10008 can be exploited remotely if a user opens a malicious M3U file containing a long URL.