CVE-2011-10015
CRITICALCytel Studio <9.0 - Buffer Overflow
Title source: llmDescription
Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copies user-controlled strings into a fixed-size stack buffer (256 bytes) without proper bounds checking. Exploitation allows arbitrary code execution when the crafted file is opened.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/18027
exploitdb
WRITEUP
VERIFIED
by Luigi Auriemma · textdoswindows
https://www.exploit-db.com/exploits/17930
metasploit
WORKING POC
GOOD
by Luigi Auriemma · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/cytel_studio_cy3.rb
References (8)
Scores
CVSS v4
9.3
EPSS
0.0347
EPSS Percentile
87.6%
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-121
Status
published
Products (1)
Cytel Inc./Studio
< 9.0
Published
Aug 13, 2025
Tracked Since
Feb 18, 2026