Exploitation Summary
EIP tracks 2 public exploits for CVE-2011-10008.
PoCs published by C4SS!0 & h1ch4m and by Gabor Seljan, including the Metasploit module exploits/windows/fileformat/mplayer_m3u_bof.
Description
A stack-based buffer overflow vulnerability exists in MPlayer Lite r33064 due to improper bounds checking when handling M3U playlist files containing long http:// URL entries. An attacker can craft a malicious .m3u file with a specially formatted URL that triggers a stack overflow when processed by the player, particularly via drag-and-drop interaction. This flaw allows for control of the execution flow through SEH overwrite and a DEP bypass using a ROP chain that leverages known gadgets in loaded DLLs. Successful exploitation may result in arbitrary code execution with the privileges of the current user.
Exploits (2)
This Perl script exploits a buffer overflow vulnerability in MPlayer Lite 33064 via a crafted .m3u file, leveraging SEH overwrite and shellcode execution for remote code execution.
This Metasploit module exploits a stack-based buffer overflow in MPlayer Lite r33064 via a crafted .M3U file. It uses a ROP chain to bypass DEP and execute arbitrary code when the victim opens the file.
Scores
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N