CVE-2011-10022

HIGH

SPlayer < 3.7 (Build 2055) - Stack-Based Buffer Overflow via HTTP Content-Type Header

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2011-10022. PoCs published by Metasploit, xsploitedsec, including Metasploit module exploits/windows/misc/splayer_content_type.

AI-analyzed exploit summary This Metasploit module exploits a buffer overflow vulnerability in SPlayer 3.7 by sending a malicious 'Content-Type' header with excessive length, leading to arbitrary remote code execution. The exploit uses a unicode payload and SEH overwrite technique to achieve reliable exploitation.

Description

SPlayer version 3.7 and earlier is vulnerable to a stack-based buffer overflow when processing HTTP responses containing an overly long Content-Type header. The vulnerability occurs due to improper bounds checking on the header value, allowing an attacker to overwrite the Structured Exception Handler (SEH) and execute arbitrary code. Exploitation requires the victim to open a media file that triggers an HTTP request to a malicious server, which responds with a crafted Content-Type header.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/17268

This Metasploit module exploits a buffer overflow vulnerability in SPlayer 3.7 by sending a malicious 'Content-Type' header with excessive length, leading to arbitrary remote code execution. The exploit uses a unicode payload and SEH overwrite technique to achieve reliable exploitation.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SPlayer 3.7 or prior
No auth needed
Prerequisites: Victim must use SPlayer 3.7 or prior · Victim must request a media file URL from the attacker-controlled server
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by xsploitedsec · pythonremotewindows
https://www.exploit-db.com/exploits/17243

This exploit demonstrates a buffer overflow vulnerability in SPlayer <= 3.7 (build 2055) by sending a maliciously crafted HTTP response with an oversized 'Content-Type' header. The payload includes shellcode to spawn calc.exe and leverages a SEH overwrite to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SPlayer <= 3.7 (build 2055)
No auth needed
Prerequisites: Victim must open a crafted playlist file or URL in SPlayer · Attacker must host a malicious server to serve the exploit payload
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit WORKING POC NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/splayer_content_type.rb

This Metasploit module exploits a buffer overflow in SPlayer 3.7 via an excessively long 'Content-Type' header, leading to arbitrary remote code execution. It uses a Unicode-aware payload and SEH overwrite technique to achieve exploitation.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SPlayer 3.7 or prior
No auth needed
Prerequisites: Victim must request a media file URL from an attacker-controlled server · SPlayer 3.7 or prior must be installed on the victim's machine
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v4 8.6
EPSS 0.0075
EPSS Percentile 50.1%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-120
Status published
Products (1)
SPlayer Project/SPlayer < 3.7 (Build 2055)
Published Aug 20, 2025
Tracked Since Feb 18, 2026