CVE-2020-37050

CRITICAL

Quick Player 1.3 - Buffer Overflow via Malicious .m3l File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37050. PoCs published by Felipe Winsnes.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in Quick Player 1.3 via a maliciously crafted .m3l file, leveraging Unicode and SEH techniques to achieve arbitrary code execution. The payload is generated using msfvenom and includes alignment and return address manipulation for reliable exploitation.

Description

Quick Player 1.3 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious .m3l file with carefully constructed payload. Attackers can trigger the vulnerability by loading a specially crafted file through the application's file loading mechanism, potentially enabling remote code execution.

Exploits (1)

exploitdb WORKING POC
by Felipe Winsnes · pythonlocalwindows
https://www.exploit-db.com/exploits/48564

This exploit demonstrates a buffer overflow vulnerability in Quick Player 1.3 via a maliciously crafted .m3l file, leveraging Unicode and SEH techniques to achieve arbitrary code execution. The payload is generated using msfvenom and includes alignment and return address manipulation for reliable exploitation.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Quick Player 1.3
No auth needed
Prerequisites: Victim must open the malicious .m3l file in Quick Player 1.3
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 9.8
EPSS 0.0071
EPSS Percentile 48.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-120
Status published
Products (1)
M.J.M Soft/Quick Player 1.3
Published Jan 30, 2026
Tracked Since Feb 18, 2026