CVE-2011-10015

CRITICAL

Cytel Studio <9.0 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2011-10015. PoCs published by Metasploit, Luigi Auriemma, including Metasploit module exploits/windows/fileformat/cytel_studio_cy3.

AI-analyzed exploit summary This is a Metasploit module exploiting a stack-based buffer overflow in Cytel Studio 9.0 via a malformed CY3 file. It leverages SEH overwrite to achieve remote code execution.

Description

Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copies user-controlled strings into a fixed-size stack buffer (256 bytes) without proper bounds checking. Exploitation allows arbitrary code execution when the crafted file is opened.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/18027

This is a Metasploit module exploiting a stack-based buffer overflow in Cytel Studio 9.0 via a malformed CY3 file. It leverages SEH overwrite to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Cytel Studio <= 9.0
No auth needed
Prerequisites: Victim must open the malicious CY3 file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Luigi Auriemma · textdoswindows
https://www.exploit-db.com/exploits/17930

This is a vulnerability writeup detailing three stack overflow vulnerabilities in Cytel Studio products (StatXact, LogXact, CrossOver) versions <= 9.0.0. The vulnerabilities include a strings stack overflow, a rows integer overflow, and a CYB USE stack overflow, all exploitable via file input.

Classification
Writeup 100%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: Cytel Studio (StatXact, LogXact, CrossOver) <= 9.0.0
No auth needed
Prerequisites: Access to the target system to deliver a malicious file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
by Luigi Auriemma · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/cytel_studio_cy3.rb

This Metasploit module exploits a stack-based buffer overflow in Cytel Studio 9.0 via a malformed CY3 file, triggering an SEH overwrite to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Cytel Studio <= 9.0
No auth needed
Prerequisites: Victim must open the malicious CY3 file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/17930
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/18027
Third Party Advisory technical-description exploit
http://aluigi.altervista.org/adv/cytel_1-adv.txt

Scores

CVSS v4 9.3
EPSS 0.0040
EPSS Percentile 31.7%
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-121
Status published
Products (2)
Cytel Inc./Cytel Studio < 9.0
Cytel Inc./Studio < 9.0
Published Aug 13, 2025
Tracked Since Feb 18, 2026