CVE-2010-2004

Bsplayer Bs.player - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 Free, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via the Skin parameter in the Options section of a skins file (.bsi), a different vulnerability than CVE-2009-1068.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Dz_attacker · pythonlocalwindows

https://www.exploit-db.com/exploits/11154

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Mert SARICA · pythonlocalwindows

https://www.exploit-db.com/exploits/11146

View Code ZIP pw:eip

References (7)

Core 7

Core References

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/0148

Exploit x_refsource_misc

http://www.mertsarica.com/?p=511

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/38221

Exploit x_refsource_misc

http://www.mertsarica.com/codes/bsplayer_seh_overwrite.py

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/55708

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/37831

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/11154

Scores

EPSS 0.2485

EPSS Percentile 96.2%

Details

CWE

CWE-119

Status published

Products (1)

bsplayer/bs.player 2.51

Published May 20, 2010

Tracked Since Feb 18, 2026