CVE-2010-10017

HIGH

WM Downloader 3.1.2.2 - Buffer Overflow

Title source: llm

Description

WM Downloader version 3.1.2.2 is vulnerable to a buffer overflow when processing a specially crafted .m3u playlist file. The application fails to properly validate input length, allowing an attacker to overwrite structured exception handler (SEH) records and execute arbitrary code. Exploitation occurs locally when a user opens the malicious file, and the payload executes with the privileges of the current user.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · windows
https://www.exploit-db.com/exploits/16642
exploitdb WORKING POC VERIFIED
by fdiskyou · python · local · windows
https://www.exploit-db.com/exploits/14497
metasploit WORKING POC NORMAL
by fdisk, dookie · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/wm_downloader_m3u.rb

Scores

CVSS v4 8.4
EPSS 0.0815
EPSS Percentile 92.2%
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-120 CWE-134
Status published
Products (1)
WM Downloader/WM Downloader < 3.1.2.2
Published Aug 30, 2025
Tracked Since Feb 18, 2026