CVE-2012-10031
HIGHBlazeVideo HDTV Player Pro v6.6.0.3 - Buffer Overflow
Title source: llmDescription
BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buffer overflow due to improper handling of user-supplied input embedded in .plf playlist files. When parsing a crafted .plf file, the MediaPlayerCtrl.dll component invokes PathFindFileNameA() to extract a filename from a URL-like string. The returned value is then copied to a fixed-size stack buffer using an inline strcpy call without bounds checking. If the input exceeds the buffer size, this leads to a stack overflow and potential arbitrary code execution under the context of the user.
Exploits (4)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/23052
exploitdb
WORKING POC
VERIFIED
by Nezim · pythonlocalwindows
https://www.exploit-db.com/exploits/22931
metasploit
WORKING POC
NORMAL
by b33f, sinn3r · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/blazedvd_hdtv_bof.rb
References (6)
Scores
CVSS v4
8.6
EPSS
0.5705
EPSS Percentile
98.2%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-121
Status
published
Products (1)
BlazeVideo Inc./HDTV Player Pro
6.6.0.3
Published
Aug 05, 2025
Tracked Since
Feb 18, 2026