CVE-2010-10016

CRITICAL

BS.Player Free and Pro Editions < 2.57 (build 1051) - Buffer Overflow via M3U Playlist Import

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2010-10016. PoCs published by Metasploit, C4SS!0 G0M3S, C4SS!0 G0M3S, Chris Gabriel, including Metasploit module exploits/windows/fileformat/bsplayer_m3u.

AI-analyzed exploit summary This exploit targets a buffer overflow in BS.Player 2.57 via a crafted M3U playlist file, leveraging Unicode SEH bypass to achieve arbitrary code execution. It uses a Metasploit module with specific offsets and alignment techniques for Windows XP and 7.

Description

BS.Player version 2.57 (build 1051) contains a vulnerability in its playlist import functionality. When processing .m3u files, the application fails to properly validate the length of playlist entries, resulting in a buffer overflow condition. This flaw occurs during parsing of long URLs embedded in the playlist, allowing overwrite of Structured Exception Handler (SEH) records. The vulnerability is triggered upon opening a crafted playlist file and affects the Unicode parsing logic in the Windows client.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/18375

This exploit targets a buffer overflow in BS.Player 2.57 via a crafted M3U playlist file, leveraging Unicode SEH bypass to achieve arbitrary code execution. It uses a Metasploit module with specific offsets and alignment techniques for Windows XP and 7.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: BS.Player 2.57
No auth needed
Prerequisites: Victim must open the malicious M3U file in BS.Player 2.57
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by C4SS!0 G0M3S · pythonlocalwindows
https://www.exploit-db.com/exploits/15934

This exploit targets a buffer overflow vulnerability in BSPlayer 2.57 via a maliciously crafted M3U file. It leverages SEH overwrite with a Unicode-compatible payload to achieve remote code execution, offering either a reverse TCP shell or a WinExec calc.exe payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: BSPlayer 2.57
No auth needed
Prerequisites: Victim must open the malicious M3U file in BSPlayer 2.57
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by C4SS!0 G0M3S, Chris Gabriel · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/bsplayer_m3u.rb

This Metasploit module exploits a buffer overflow in BS.Player 2.57 via a crafted M3U file, leveraging Unicode SEH bypass techniques to achieve arbitrary code execution. The exploit uses a combination of stack alignment and encoder techniques to deliver the payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: BS.Player 2.57
No auth needed
Prerequisites: Victim must open the malicious M3U file in BS.Player 2.57
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v4 10.0
EPSS 0.0070
EPSS Percentile 48.2%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-120
Status published
Products (1)
BS.Player/BS.Player Free and Pro Editions < 2.57 (build 1051)
Published Aug 30, 2025
Tracked Since Feb 18, 2026